Shibboleth
Rationale
UF authentication systems must support the most prevalent Web servers on campus, Apache and IIS, for Windows and Linux. The university needs to enable its departments and units to consume enterprise attributes for authorization of access in an efficient, scalable and secure manner. Shibboleth has been identified as an appropriate system for addressing these needs. By integrating Shibboleth with existing credential and attribute stores, we are able to meet the challenges of Web service authentication and authorization.
Goals
- Implement Shibboleth 2.0 for single sign-on and group-based authorization. Eliminate the practice of local web pages accepting GatorLink credentials
- Provide support to departments for their use of Shibboleth
- Refit enterprise applications to use Shibboleth
- Use Shibboleth for federated identity management for Library providers, the University Athletic Association and others to be identified
- Retire GLAuth and Cosign, the current systems for single sign-on
Kerberos
Kerberos is a network authentication protocol. It is designed to provide strong authentication for applications by using secret-key cryptography. The Kerberos protocol uses strong cryptography so clients can prove their identity to a server (and vice versa) across a network connection. Kerberos provides authentication technology to Shibboleth and other base select services.
Project Sponsor
- Elias G. Eldayrie
Contacts
- Lead: Warren Curry
- Technical Lead: Identity and Access Administration
- Technical Support: CNS-Open Systems Group
Overview