Hi folks,
I'd like to humbly draw the list members' attention to a new development
in the Shibboleth compatible environment. We've recently Guanxi-enabled
the Bodington VLE to make it easier for institutions to join Shibboleth
federations with minimal overhead.
Guanxi is a standalone Shibboleth compatible Identity Provider. We're
working on the Service Provider part now, having just released the first
version of the IdP, which you can get from:
http://sourceforge.net/projects/guanxi
To get started with the Shibboleth profile, you can download the 2.4.2
release of the Bodington VLE. This contains a pre-configured Guanxi IdP
that lets you get up and running and join a federation with zero
configuration.
Sounds a bit hopeful, doesn't it? Zero configuration, but that's what it
involves as it's already pre-configured to work with Bodington to provide
authentication and authorisation services in a SAML environment.
The default Attribute Release Policy (ARP) allows release of most
Bodington attributes except ones related to system administration. If you
want to play about with the ARP, you can delve into it as described on the
website, detailed below.
There's an explanation of what Guanxi is, specifically describing the
Bodington version, what it is and what you can expect to get from it. You
can read it here:
http://www.weblogs.uhi.ac.uk/sm00ay/?p=71
You've probably heard of the requirement to sign SAML assertions but the
Guanxi IdP that comes with Bodington provides a default certificate store
with pre-configured XML fragments for a Service Provider's
FederationProvider configuration and also for its IQ-trust.xml entries
for your Guanxi IdP.
This isn't intended for a production environment. Rather it's there to
allow people to quickly install Bodington, join a federation, such as SDSS
- http://sdss.ac.uk or indeed the Athens Shibboleth Pilot and "kick the
tyres".
For a production IdP we recommend creating your own keystore and
purchasing commercially available secure certificates. By that time you
should have an idea of what's involved in running an IdP service.
The Bodington VLE has a very fine-grained user permissions environment and
combined with the Guanxi IdP you can use this to your advantage when
arranging access to SP resources in a federation.
We're currently ironing out the deployment of the IdP and we hope to
release Bodington 2.4.2 either today (Friday) or Monday. We'll make an
announcement when it's ready.
If you fancy giving it a go, the Guanxi community can provide some
Shibboleth compatible resources for you to access and we can help with
fine tuning attribute access to let you see what's involved in deploying
and managing a Shibboleth compatible IdP.
best regards,
Alistair
--
Alistair Young
Senior Software Engineer
UHI@Sabhal Mòr Ostaig
Isle of Skye
Scotland