Shibboleth
Rationale
The university's existing home-grown, cookie-based authentication system (GLAuth) has security problems and must be replaced. In addition, the university needs to support federated authentication services for interaction with contracted service providers. Existing authentication systems do not support the most prevalent web servers on campus, Apache and IIS for Windows and Linux. Finally, the university needs to enable its departments and units to consume enterprise attributes for authorization of access in an efficient, scalable and secure manner. Shibboleth has been identified as an appropriate system for addressing these needs. By integrating Shibboleth with existing credential and attribute stores, we will be able to meet the four identified challenges.
Goals
- Implement Shibboleth 2.0 for single sign on and group-based authorization. Eliminate the practice of local web pages accepting GatorLink credentials.
- Provide extensive support to departments for their conversions from GLAuth to Shibboleth.
- Refit enterprise applications to use Shibboleth. These include all those using GLAuth and Cosign as well as PeopleSoft, WebCT, ISIS, WebMail and UF Exchange.
- Use Shibboleth for federated identity management for Library providers, Mobile Campus, the Athletic Association and others to be identified.
- Retire GLAuth and Cosign. These are current systems for single sign on.
Project Sponsor
- Dr. Chuck Frazier
Contacts
- Project Lead: Mike Conlon
- Technical Lead: Eli Ben-Shoshan
- Data and Security Lead: Warren Curry
Mail Listservs
Impact
End users will see a single place to sign on. All existing cookie-based authentication will be replaced, including GLAuth and Cosign. This will impact over 100 departments and units using these technologies. Enterprise system work will be needed on several major systems. This work varies in complexity but will be transparent to the user.
Lab work will begin in February. A working development model will be in place in March. Preliminary assertions will be identified in March. Implementation of assertions will begin in May. Production infrastructure will be in place in July. Testing will be completed in August. Production services will be available in September. An enterprise system roadmap will be developed during the planning phase along with a roadmap for sunsetting GLAuth and Cosign services.
Presentations
Presentations of the Shibboleth Planning Team are also available.
Overview