integrating running apps into federations janus
play

Integrating running apps into federations + JANUS Terena Eurocamp, - PowerPoint PPT Presentation

Sep 24, 2022 •437 likes •612 views

Integrating running apps into federations + JANUS Terena Eurocamp, 11/2009, Budapest Ernesto Revilla erny@yaco.es 1 Integrating running apps into federations Background: Yaco (30 pers Open Source company) Setting up the andalusian

  1. Integrating running apps into federations + JANUS Terena Eurocamp, 11/2009, Budapest Ernesto Revilla erny@yaco.es 1

  2. Integrating running apps into federations Background:  Yaco (30 pers Open Source company)  Setting up the andalusian (south spanish) federation CONFIA  started July 2009, due Jan 2010  10 Public Universities  Tasks:  Provide common infrastructure (validator, IdP homeless, metadata editor and publishing, CMS,...  Provide LMS SP provisioning connectors (SAML2) for Moodle, ILIAS 4, WebCT.  Help to set up IdPs & SPs, etc., Doc (Rules, etc.) 2

  3. Integrating running apps into federations The main problem  Create another door to get into the app:  Allow users from outside  SSO  Don't trust apps authn  Reuse authentication infrastructure 3

  4. Integrating running apps into federations How  Put SP (door) before apps  Great OS Apps (SSP, Shibboleth, OIOSAML, etc.)  SP != App  One SP, several apps  One app, several SPs  MAY live in different nodes  SHOULD be in same FQDN (use proxy!)  Adjust SP to apps needs 4

  5. Integrating running apps into federations Problems that arise:  No clean separation between authn/authz  Default read permission hold for every authntd user?  User identifiers  Not acceptable? (@, -, _)  What happens with existing identifiers?  Possible name collisions?  Must consider specially local identifiers  Application logout -> SLO  SP <-> App coupling 5

  6. Integrating running apps into federations Our experiencies:  We use SSP  Simple to install/config  Easy to develop new modules (for SP specific needs!)  Good documentation  Scalable  Open source 6

  7. Integrating running apps into federations Protectings apps: trac  python-> still no native SAML package (until now, thanx to Roland)  use authmemcookie  use memcached (good!) (configure the session store!)  incorrect default permissions for 'authenticated' -> reconfigure default permissions  post-logout works! (can modify link text & action)  explicit provisioning not needed  not so tightly coupled (good!) 7

  8. Integrating running apps into federations Protectings apps: subversion  Still not done  Could use svn+ssh://, but infrastructure problem (port 22 reserved)  Difficult to plugin some oauth style authn  Google just generates a special password 8

  9. Integrating running apps into federations Protectings apps: moodle  Outdated authn plugin, now updated, part of project in trunk  Php, integration near to trivial:  User provisioning on-the-fly thru API  User-course enrollment on-the-fly thru API  Problems:  Need to know all data during login (courses)  Still no AttributeQuery (front-channel, back- channel, VO?) (bad)  Tightly coupled (bad) 9

  10. Integrating running apps into federations Protectings apps: ILIAS 4  Outdated shib support in trunk  Now corrected  Requested to use this one, so use ship 2.0 SP module  User provisioning and course enrollment working  Working on logout 10

  11. Integrating running apps into federations Protectings apps: WebCT  Uses auto sign-on protocol  Poor documentation, confusing examples  Loosely coupled (good!)  Uses POSTs to 'adapters' to provision users  Uses MAC (Message Authn Code)  Argument ordering/mac important!  On-the-fly user provisioning already works  Enrollment still missing (due 30/11)  Logout?  Actually it's a module for SSP 11

  12. Integrating running apps into federations Protectings apps: When django?  Very soon!  Due 12/2009  Based on Rolands work  WSGI Middleware 12

  13. Integrating running apps into federations Some conclusions:  On-the-fly provisioning possible  We like SSP (philosophy, project, people)  Sending all courses during Authn not very scalable  Authmemcookie good for apps with basic auth.  AttributeCollector: get attributes from SIS & other sources (actually RDBMS, should be easy to create LDAP, SOAP/REST, etc.) 13

  14. JANUS Summary  Federation Metadata editing & publishings  ARP editing  Module for SSP  Open Source (code.google.com/p/janus-ssp)  Created and sponsored WAYF.DK  Contributions from YACO 14

  15. JANUS A nearer look:  stores metadata in SQL  periodically pulls fresh medatadata from SPs & IdPs (cron)  checks certificates againts CRLs/OCSP  sends emails if problems arise  uses multiauth (saml2, x509)  REST/Json WS to get IdP & SP state for publishing anywhere  RESTful API for updating metadata still missing 15

  16. Integrating running apps into federations + JANUS Any questions? Any suggestions? Thanks for your attention CU at SSP list & code.google.com/p/yaco-ssp-modules erny@yaco.es 16

Recommend

Integrating non web-based services with identity federations Jens Khler, Michael Simon,

Integrating non web-based services with identity federations Jens Khler, Michael Simon,

bw IDM Integrating non web-based services with identity federations Jens Khler, Michael Simon, Sebastian Labitzke, Tobias Dussa, Martin Nubaumer bw IDM The bwIDM project Services of the state of Baden-Wrttemberg placed at

560 views • 11 slides
Asynchronous event/state notifications Janus Where were we? Admin API in the Janus WebRTC

Asynchronous event/state notifications Janus Where were we? Admin API in the Janus WebRTC

FOSDEM2017 L. Miniero Asynchronous event/state notifications Janus Where were we? Admin API in the Janus WebRTC server Monitoring Event Handlers Homer/HEP Providing administrators and developers with more tools to manage a Janus instance

1.21k views • 95 slides
Creating a new Android project CS/SE Individual Practical Stephen Gilmore October 7, 2011

Creating a new Android project CS/SE Individual Practical Stephen Gilmore October 7, 2011

Getting started Running an application Managing apps Debugging apps Designing layouts with XML Getting started Running an application Managing apps Debugging apps Designing layouts with XML Creating a new Android project CS/SE Individual

292 views • 8 slides
Going Google Integrating Google Apps into the College Curriculum Do you know a teacher whose

Going Google Integrating Google Apps into the College Curriculum Do you know a teacher whose

Going Google Integrating Google Apps into the College Curriculum Do you know a teacher whose students: Are accounted for at class time? Are prepared and have their work handy? Turn in assignments when they're due? Imagine a

478 views • 44 slides
Janus: a general purpose WebRTC gateway Standardization Gateways Requirements Janus Modules

Janus: a general purpose WebRTC gateway Standardization Gateways Requirements Janus Modules

Janus L. Miniero Intro WebRTC Janus: a general purpose WebRTC gateway Standardization Gateways Requirements Janus Modules and APIs Lorenzo Miniero lorenzo@meetecho.com A few examples Next steps FOSDEM 2016 Real Time devroom 30 th

429 views • 41 slides
Janus Henderson Global Investors Janus Capital Group Inc. and Henderson Group plc Recommended

Janus Henderson Global Investors Janus Capital Group Inc. and Henderson Group plc Recommended

Janus Henderson Global Investors Janus Capital Group Inc. and Henderson Group plc Recommended Merger of Equals Monday 3 October 2016 Andrew Formica Chief Executive, Henderson Group plc Dick Weil Chief Executive Officer, Janus Capital Group Inc.

594 views • 20 slides
EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov

EVE: verifying correct execution of cloud-hosted web applications Suman Jana Vitaly Shmatikov The University of Texas at Austin Running interactive web-apps in the cloud Running interactive web-apps in the cloud Running interactive web-apps

442 views • 31 slides
Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM? Yes, I can SSH into my Mininet VM Install and run X11 Server Mac users: XQuartz: https://www.xquartz.org/ Windows users: Use

560 views • 15 slides
Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of

WELCOME Small Business Apps WHAT ARE MOBI LE APPS ? W h a t are mob i le apps ? A little bit of information An App is a piece of so ware (a program) that needs to be installed on Mobile Apps are device specific, meaning that an App that runs

268 views • 12 slides
Running Apps at the Edge with AWS IoT Greengrass Machine Intelligence Modern Infrastructure

Running Apps at the Edge with AWS IoT Greengrass Machine Intelligence Modern Infrastructure

Running Apps at the Edge with AWS IoT Greengrass Machine Intelligence Modern Infrastructure http://mi2.live What is MI2? MI2 Webinars focus on the convergence of machine intelligence and modern infrastructure . Every alternate week, I deliver

335 views • 17 slides
Janus: back to the future of WebRTC History IETF WebRTC Janus Gateways Lorenzo Miniero

Janus: back to the future of WebRTC History IETF WebRTC Janus Gateways Lorenzo Miniero

TF-WebRTC L. Miniero Meetecho Janus: back to the future of WebRTC History IETF WebRTC Janus Gateways Lorenzo Miniero Requirements Architecture lorenzo@meetecho.com Next steps 1 st TF-WebRTC meeting 15 th December 2014, Paris Outline

653 views • 44 slides
Writing a Janus plugin in Lua C can be a scary world, let us come to the rescue! Lorenzo Miniero

Writing a Janus plugin in Lua C can be a scary world, let us come to the rescue! Lorenzo Miniero

Writing a Janus plugin in Lua C can be a scary world, let us come to the rescue! Lorenzo Miniero @elminiero FOSDEM 2018 Real Time devroom 4 th February 2018, Brussels Remember Janus? A door between the communications past and future

677 views • 50 slides
Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can

Boxing them in Buggy apps can crash other apps The Kernel App 1 App 2 App 3 Buggy apps can crash OS wants to be your friend Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

548 views • 17 slides
Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what

Data protection law a new challenge for International Sports Federations GDPR and what International Sports Federations must know Bangkok, 20 April 2018 Franois Carrard, Dr . iur ., Attorney-at-law www.kellerhals-carrard.ch AGENDA 1.

440 views • 19 slides
CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data

CVMFS for Data Federations Derek Weitzel University of Nebraska - Lincoln Problem with Data Federations Users must know the exact filenames for each job. They have to use special tools they are unfamiliar with in order to use it (such

408 views • 18 slides
F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS

F ROM WEBSITES TO APPS , AND NOW FROM APPS TO CHATBOTS ? A NTNIO B RANCO FROM APPS TO CHATBOTS CEO of large social network in annual development conference 2 months ago Shared vision for next 2 decades: past : with advent of PCs, companies

498 views • 14 slides
DATA AT SWEDEN'S TELEVISION Ismail Elouafiq A wide spectrum of Apps A wide spectrum of Apps

DATA AT SWEDEN'S TELEVISION Ismail Elouafiq A wide spectrum of Apps A wide spectrum of Apps

LESSONS &amp; PITFALLS DATA AT SWEDEN'S TELEVISION Ismail Elouafiq A wide spectrum of Apps A wide spectrum of Apps Running on different platforms A wide spectrum of Users STRATEGY ANALYSTS PRODUCT OWNERS A wide spectrum of Users STRATEGY

1.05k views • 81 slides
eID federations APAN 29, February 10th 2010, Sydney David Simonsen Today's menu eID

eID federations APAN 29, February 10th 2010, Sydney David Simonsen Today's menu eID

eID federations APAN 29, February 10th 2010, Sydney David Simonsen Today's menu eID federations introduction &amp; overview About WAYF, the Danish eID federation (funding organisation, staff etc.) Federation

2.39k views • 180 slides
Low-mass dileptons at HADES and CBM in a transport approach Janus Weil FIAS with H. van Hees,

Low-mass dileptons at HADES and CBM in a transport approach Janus Weil FIAS with H. van Hees,

Low-mass dileptons at HADES and CBM in a transport approach Janus Weil FIAS with H. van Hees, U. Mosel, S. Endres, M. Bleicher CBM Collab. Meeting, 9. April 2014 Janus Weil Low-mass dileptons at HADES and CBM Outline questions &amp; topics

338 views • 21 slides
The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2

The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2

The Kernel wants to be your friend Boxing them in Buggy apps can crash other apps App 1 App 2 App 3 Buggy apps can crash OS Buggy apps can hog all resources Operating System Malicious apps can violate Reading and writing memory, privacy

1.15k views • 67 slides
Janus Manager the Self-Improving Software System Smundur . Haraldsson 50th Crest Open

Janus Manager the Self-Improving Software System Smundur . Haraldsson 50th Crest Open

Janus Manager the Self-Improving Software System Smundur . Haraldsson 50th Crest Open Workshop John R. Woodward Genetic Improvement Alexander I.E. Brownlee Overview Janus Manager - Daily activity Genetic Improvement - Nightly

682 views • 19 slides
WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest /

WebRTC Identity in SAML Federations Mihly Mszros May 19, 2015 NIIF Institute Budapest / Hungary Agenda Education &amp; Research Identity Federations SAML Terminology Overview of SAML auth call flow WebRTC Identity model

1.09k views • 52 slides
The Supreme Courts Janus Decision: No July 19, 2011 Secondary Liability, but Many Secondary

The Supreme Courts Janus Decision: No July 19, 2011 Secondary Liability, but Many Secondary

The Supreme Courts Janus Decision: No July 19, 2011 Secondary Liability, but Many Secondary Practice Group: Investment Questions Management The U.S. Supreme Courts recent decision in Janus Capital Group, Inc. v. First Derivative Traders

347 views • 6 slides
By: Taylor Thomas &amp; Ashley Fischer There are apps for just about EVERYTHING! There are

By: Taylor Thomas &amp; Ashley Fischer There are apps for just about EVERYTHING! There are

By: Taylor Thomas &amp; Ashley Fischer There are apps for just about EVERYTHING! There are new apps being developed and posted everyday. Some of the best apps you will ever find are FREE! There are two ways to download apps for

606 views • 38 slides

More recommend