Shibboleth

  • Provides inter-institutional AuthN and AuthZ
  • Two Parts: Identity Provider, Service Provider
  • Identity Provider
    • Uses Java and Tomcat
    • Uses Apache as web server
    • Uses CUWebAuth to authenticate users who have a Cornell NetID
    • Uses Directory Server to get AuthZ information via LDAP and SSL
      • Uses BindID and password to authenticate to Directory Server
    • Configured for use with the InCommon federation
  • Service Provider
    • Uses Apache
    • Uses SSL
    • Written in C/C++ with lots-o-libraries, such as ...
      • libcurl
      • log4cpp
      • Xerces-C
      • XML-Security-C
      • OpenSAML
    • CIT does not currently run a Service Provider, but examples of some Service Providers in the InCommon federation are these library vendors ...
      • OCLC
      • EBSCO
      • ScienceDirect
  • Identity Provider Machine info follows ...
  • OS: Solaris 5.9 Cluster
  • No automatic failover
    • But can be moved manually via scswitch commands
  • No load balancing
  • Machines are in server farm
    • Two-factor AuthN required for SSH login
  • Production: 3 node cluster
    • Shares node with some other IdM web apps
  • Test: 2 node cluster
  • Dev: 2 node cluster