AAI Workshop for Service and Resource Providers
15-16 March 2016, 09:00-17:00
Kilburn Building, School of Computer Science, University of Manchester, Oxford Road, Manchester M13 9PL, UK
Workshop Information
The workshop is intended in particular for organizations that provide resources and services for ELIXIR (life sciences) and DARIAH (art and humanities) research infrastructures. The workshop is divided into two parts. The first part is more generic and useful to any service provider interested in providing online services to SAML based identity federation. The second part is more specific and focuses on integrating a service with ELIXIR and DARIAH research infrastructure respectively.
The aim of this workshop is to help the service providers to make their resources and services available to the users of the research infrastructure. This workshop has a down-to-earth and hands-on approach that will be rather technical and detailed at times. The workshop teaches in practice how to install the open source Shibboleth software needed to integrate in the research infrastructure. The participants will install, test and configure a Service Provider using open source Shibboleth SP software. The goal is to make the participants familiar with the basic configuration of Shibboleth SP. At the end of the training participants should be familiar with the basic aspects of running a Shibboleth SP and integrating it to ELIXIR or DARIAH research infrastructures.
The workshop is a mix of lectures and hands-on lessons where participants will have an opportunity to play around with installing and setting up code.
Main goals of the training
- Install and configure a Shibboleth Service Provider 2
- Know how and where to configure basic functionalities
- Learn how to protect static web pages and applications
- Understand how attributes can be used within web applications
- Learn how to integrate the Shibboleth SP to ELIXIR or DARIAH and what additional services they offer
Date and time
15-16 March 2016, 09:00-17:00
Location
Kilburn Building, School of Computer Science, University of Manchester, Oxford Road, Manchester M13 9PL, UK.
Room 2.15 on Day 1, Room 1.10 and Mercury Room on Day 2
Get directions with OpenStreetMap or Google Maps.
Local travel and accomodation information. Also make sure you have a visa for the UK, if you require one.
Requirements
Participants should bring a laptop - if you do not have one, please let the organizers know in advance. You may also be paired with someone else.
Participants should have a basic understanding of federations and federated identity management, including the terms and the benefits. Participants should also be familiar with the concept and the motivation of running Authentication and Authorization Infrastructure (AAI) services. The basic Linux skills are also strongly recommended.
The training is performed on a virtual machine (VM). The VM image that can be run in Virtual Box (recommended) or VMware Player/Fusion. To run the SP Training VM the following minimal requirements have to be met:
- User must have administration privileges on the laptop
- Any recent (< 4 years) Intel or AMD processor.
- 4 GByte RAM (at least 1.5GB free memory)
- 12 GByte free harddisk space
- Internet Connectivity
- VirtualBox (or VMWare Player) installed and fully operational.
Also, have a look at the documentation from the Preparation section below.
Training material
Below are training material used at or useful for the training:
- Shibboleth SP Training Slides (PDF)
- Hints and Test Users (PDF)
- ELIXIR AAI slides from Day 2
- DARIAH AAI slides from Day 2
Contact
Please email a.nenadic@manchester.ac.uk or ari-matti.saren@csc.fi for more information.
Workshop Registration
Register for the workshop via EventBrite.
Acknowledgements and Support
This workshop is organised and supported by the AARC project, DARIAH-DE, ELIXIR-FI and ELIXIR-UK, and the GÉANT project.
Schedule
The workshop has two parts: Day 1 is common to all participants. Day 2 will have parallel sessions to cover more community specific topics.
Day 1 (Room 2.15): Providing online services to a SAML based identity federation using Shibboleth software
Trainers: Lukas Hämmerle (GÉANT/SWITCH), Martin Haase (DAASI), Mikael Linden (CSC), Irina Mikhailava (GÉANT), Timo Mustonen (CSC)
A resource or service provider needs to install a server called Service Provider (SP) and integrate it with his or her service in order to securely provide resources and services to a SAML based identity federation online. In this submodule the participants install, test and configure a Service Provider using open source Shibboleth SP software. The goal is to make the participants familiar with the basics configuration of Shibboleth SP. At the end of the training participants should be familiar with the basic aspects of running a Shibboleth SP.
| 09:00 | Welcome and Introductions |
| 09:15 | Federated Identity Management, SAML, Shibboleth and VM Setup |
| 10:30 | Coffee break |
| 10:50 | Basic Shibboleth SP Installation and Configuration |
| 12:30 | Lunch break |
| 13:30 | Session Handling and User Attributes |
| 15:00 | Coffee break |
| 15:20 | Access Control, Advanced Topics and Q&A session |
| 17:00 | Close |
Day 2 (Room 1.10 and Mercury Room)
ELIXIR session (Room 1.10)
Trainers: Michal Prochazka (ELIXIR-CZ), Mikael Linden (ELIXIR-FI)
| 09:00 | Coffee and arrivals |
| 09:15 | Introduction to ELIXIR AAI |
| 10:45 | Coffee break |
| 11:00 | Integrating a SAML SP to the ELIXIR AAI |
| 12:30 | Lunch |
| 13:30 | Group management in ELIXIR |
| 15:00 | Coffee break |
| 15:15 | Integrating ELIXIR groups into the SAML SP |
| 16:15 | Wrap-up and post-workshop questionnaire |
| 16:30 | Close |
DARIAH session (Mercury Room)
Trainers: Peter Gietz, Martin Haase (DARIAH-DE / DAASI International)
| 09:00 | Coffee and arrivals |
| 09:15 | Introduction to the DARIAH AAI |
| 10:45 | Coffee break |
| 11:00 | Configuring the Shibboleth SP for the DARIAH AAI (Overview, and Hands-On Part I) |
| 12:30 | Lunch break |
| 13:30 | Configuring the Shibboleth SP for the DARIAH AAI (Hands-On Part II) |
| 15:00 | Coffee break |
| 15:15 | Options for connecting your SP with DARIAH AAI |
| 16:15 | Wrap-up and post-workshop questionnaire |
| 16:30 | Close |
Preparation
Please read the following documentation before the workshop:Things to bring to the training
For the training you need a moderately powerful laptop with:- a WiFi interface
- at least 2GB RAM
- at least 10GB available hard drive space
- Virtual Box/VMware Player must be installed (see below) together with the workshop VM image you downloaded and tested like described below.
Download and Test Workshop VM Image
In order to ensure every participant has a working setup for the hands-on sessions, we kindly ask you to perform the following steps before the event. Only little time will be available to troubleshoot basic VirtualBox/VMware/OS problems at the event itself.- Download and install VM solution: Virtual Box VMware Player or VMware Fusion work too but Virtual Box is recommended Under Windows Vista or newer, please use the administrator account to install the software!
- Download and uncompress the Workshop VM Image (ca. 1.7 GByte) from: http://swit.ch/AAI-Workshop-VM-2016-Manchester.zip
- Open/import the SP Training VM image with VirtualBox or VMWare
- Start the Training VM image. You should see how the guest system (Ubuntu 14.04 LTS) starts. After the boot process, Firefox should be opened automatically. The page you should see is the workshop page, so: http://anenadic.github.io/2016-03-15-elixir-aai-workshop-manchester/ - If you see this page, the VM Image has network connectivity and all should be ok. You can now turn off the VM image. (you might change the keyboard settings and other GUI preferences but please don't change anything else) - If you don't see this page, your laptop probably is not connected to the Internet or then there is another problem. If you don't manage to resolve the issues, please let us know before the training.