Posts

Showing posts from June, 2018

Creating a SAML Identity Provider using Shibboleth 3

An Identity Provider (IDP) is a key component in any project using SAML authentication. It is responsible for handling Authentication Requests from Service Providers (SP), authenticating users, resolving user attributes, and creating Assertions. In this post, I will demonstrate how to install and configure a Shibboleth IDP on Ubuntu Linux using Tomcat and OpenLDAP.

[Figure: Identity Provider in the SAML authentication process]

The following settings will be used in this demo:

SP entity ID: https://sp.example.org
SP callback URL: https://sp.example.org/my-app/saml
IDP entity ID: https://idp.example.org/idp/shibboleth

Generating SP Metadata

The Identity Provider requires some information about each Service Provider it is handling Authentication Requests for, including its Entity ID, its signing and encryption policy, the keys used for signing/encryption (if applicable), and the callback URL where the IDP should post Assertions. In Shibboleth, this information is pr
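The pieces of SP information listed above (entity ID, signing policy, signing key, callback URL) are exactly what a SAML 2.0 SP EntityDescriptor carries. The following is an added example, not code from the original post or from Shibboleth: it builds such a metadata document for the demo's SP (entity ID https://sp.example.org, callback URL https://sp.example.org/my-app/saml), parses it back, and runs the sanity checks an IDP operator would want before loading a metadata file. The certificate value is a constructed placeholder string, not a real X.509 certificate.

```python
"""Build, parse and sanity-check a minimal SAML 2.0 SP EntityDescriptor.

Added example for the Shibboleth IDP post; not the post's own code.
The entity ID and callback URL come from the post; the certificate
value below is a constructed placeholder, not a real certificate.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

ET.register_namespace("md", NS_MD)
ET.register_namespace("ds", NS_DS)

# Constructed placeholder standing in for the base64 DER of the SP's
# signing certificate (assumption: a real deployment puts the SP's
# actual certificate here).
SAMPLE_SP_CERT = "MIIBPLACEHOLDERCERTIFICATEBASE64=="


def build_sp_metadata(entity_id, acs_url, signing_cert_b64,
                      sign_requests=True, want_signed_assertions=True):
    """Return SP metadata XML describing entity ID, signing policy,
    signing key and the AssertionConsumerService (callback) URL."""
    root = ET.Element(f"{{{NS_MD}}}EntityDescriptor", entityID=entity_id)
    sso = ET.SubElement(
        root, f"{{{NS_MD}}}SPSSODescriptor",
        AuthnRequestsSigned=str(sign_requests).lower(),
        WantAssertionsSigned=str(want_signed_assertions).lower(),
        protocolSupportEnumeration=PROTOCOL)
    # The IDP uses this certificate to verify signed AuthnRequests.
    key_desc = ET.SubElement(sso, f"{{{NS_MD}}}KeyDescriptor", use="signing")
    key_info = ET.SubElement(key_desc, f"{{{NS_DS}}}KeyInfo")
    x509_data = ET.SubElement(key_info, f"{{{NS_DS}}}X509Data")
    ET.SubElement(x509_data, f"{{{NS_DS}}}X509Certificate").text = signing_cert_b64
    # The callback URL where the IDP posts the Assertion.
    ET.SubElement(sso, f"{{{NS_MD}}}AssertionConsumerService",
                  Binding=BINDING_POST, Location=acs_url,
                  index="1", isDefault="true")
    return ET.tostring(root, encoding="unicode")


def parse_sp_metadata(xml_text):
    """Extract the fields an IDP needs from SP metadata."""
    root = ET.fromstring(xml_text)
    sso = root.find(f"{{{NS_MD}}}SPSSODescriptor")
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sso.findall(f"{{{NS_MD}}}AssertionConsumerService")]
    certs = [c.text.strip() for c in sso.iter(f"{{{NS_DS}}}X509Certificate")
             if c.text]
    return {
        "entity_id": root.get("entityID"),
        "authn_requests_signed": sso.get("AuthnRequestsSigned") == "true",
        "want_assertions_signed": sso.get("WantAssertionsSigned") == "true",
        "acs": acs,
        "signing_certs": certs,
    }


def check_sp_metadata(info):
    """Return a list of problems an IDP operator should fix before
    trusting this SP's metadata (empty list means the checks passed)."""
    problems = []
    if not info["acs"]:
        problems.append("no AssertionConsumerService: IDP has nowhere to post")
    for _binding, location in info["acs"]:
        # Assertions carry identity; never post them over plain HTTP.
        if urlparse(location).scheme != "https":
            problems.append(f"AssertionConsumerService is not https: {location}")
    if info["authn_requests_signed"] and not info["signing_certs"]:
        problems.append("AuthnRequestsSigned=true but no signing certificate")
    if not info["want_assertions_signed"]:
        problems.append("WantAssertionsSigned is not true")
    return problems


if __name__ == "__main__":
    xml = build_sp_metadata("https://sp.example.org",
                            "https://sp.example.org/my-app/saml",
                            SAMPLE_SP_CERT)
    print(xml)
    print(check_sp_metadata(parse_sp_metadata(xml)))
```

The checks are deliberately conservative: an ACS URL on plain HTTP or an SP that does not require signed assertions is not a malformed document, but it is a configuration the IDP operator should question before adding the SP to the IDP's metadata providers.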

Authentication in the Cloud using SAML

With so many software options available in the cloud, it is common for an organization's services to be a mixture of off-the-shelf software as a service (SaaS) and custom applications running on one of the many platforms as a service (PaaS). An essential requirement stemming from such a heterogeneous architecture is a single, common and consistent user authentication interface across all the applications. It should improve the user experience by not requiring users to log into and maintain separate credentials for each application. It should improve security by making it easier for an organization to enforce a single authentication policy (multi-factor, PKI client certificate, etc.) across all its applications. It should improve productivity by decoupling the authentication implementation from each application, allowing each application to focus on its core functionality.

What is SAML?

A solution for implementing this requirement is using the