AAI Workshop for Service and Resource Providers

15-16 March 2016, 09:00-17:00

Kilburn Building, School of Computer Science, University of Manchester, Oxford Road, Manchester M13 9PL, UK

Workshop Information

The workshop is intended in particular for organizations that provide resources and services for ELIXIR (life sciences) and DARIAH (art and humanities) research infrastructures. The workshop is divided into two parts. The first part is more generic and useful to any service provider interested in providing online services to SAML based identity federation. The second part is more specific and focuses on integrating a service with ELIXIR and DARIAH research infrastructure respectively.

The aim of this workshop is to help the service providers to make their resources and services available to the users of the research infrastructure. This workshop has a down-to-earth and hands-on approach that will be rather technical and detailed at times. The workshop teaches in practice how to install the open source Shibboleth software needed to integrate in the research infrastructure. The participants will install, test and configure a Service Provider using open source Shibboleth SP software. The goal is to make the participants familiar with the basic configuration of Shibboleth SP. At the end of the training participants should be familiar with the basic aspects of running a Shibboleth SP and integrating it to ELIXIR or DARIAH research infrastructures.

The workshop is a mix of lectures and hands-on lessons where participants will have an opportunity to play around with installing and setting up code.

Main goals of the training

  • Install and configure a Shibboleth Service Provider 2
  • Know how and where to configure basic functionalities
  • Learn how to protect static web pages and applications
  • Understand how attributes can be used within web applications
  • Learn how to integrate the Shibboleth SP to ELIXIR or DARIAH and what additional services they offer

Date and time

15-16 March 2016, 09:00-17:00

Location

Kilburn Building, School of Computer Science, University of Manchester, Oxford Road, Manchester M13 9PL, UK.

Room 2.15 on Day 1, Room 1.10 and Mercury Room on Day 2

Get directions with OpenStreetMap or Google Maps.

Local travel and accomodation information. Also make sure you have a visa for the UK, if you require one.

Requirements

Participants should bring a laptop - if you do not have one, please let the organizers know in advance. You may also be paired with someone else.

Participants should have a basic understanding of federations and federated identity management, including the terms and the benefits. Participants should also be familiar with the concept and the motivation of running Authentication and Authorization Infrastructure (AAI) services. The basic Linux skills are also strongly recommended.

The training is performed on a virtual machine (VM). The VM image that can be run in Virtual Box (recommended) or VMware Player/Fusion. To run the SP Training VM the following minimal requirements have to be met:

  • User must have administration privileges on the laptop
  • Any recent (< 4 years) Intel or AMD processor.
  • 4 GByte RAM (at least 1.5GB free memory)
  • 12 GByte free harddisk space
  • Internet Connectivity
  • VirtualBox (or VMWare Player) installed and fully operational.

Also, have a look at the documentation from the Preparation section below.

Training material

Below are training material used at or useful for the training:

Contact

Please email a.nenadic@manchester.ac.uk or ari-matti.saren@csc.fi for more information.

Workshop Registration

Register for the workshop via EventBrite.


Acknowledgements and Support

This workshop is organised and supported by the AARC project, DARIAH-DE, ELIXIR-FI and ELIXIR-UK, and the GÉANT project.


Schedule

The workshop has two parts: Day 1 is common to all participants. Day 2 will have parallel sessions to cover more community specific topics.

Day 1 (Room 2.15): Providing online services to a SAML based identity federation using Shibboleth software

Trainers: Lukas Hämmerle (GÉANT/SWITCH), Martin Haase (DAASI), Mikael Linden (CSC), Irina Mikhailava (GÉANT), Timo Mustonen (CSC)

A resource or service provider needs to install a server called Service Provider (SP) and integrate it with his or her service in order to securely provide resources and services to a SAML based identity federation online. In this submodule the participants install, test and configure a Service Provider using open source Shibboleth SP software. The goal is to make the participants familiar with the basics configuration of Shibboleth SP. At the end of the training participants should be familiar with the basic aspects of running a Shibboleth SP.

09:00 Welcome and Introductions
09:15 Federated Identity Management, SAML, Shibboleth and VM Setup
10:30 Coffee break
10:50 Basic Shibboleth SP Installation and Configuration
12:30 Lunch break
13:30 Session Handling and User Attributes
15:00 Coffee break
15:20 Access Control, Advanced Topics and Q&A session
17:00 Close

Day 2 (Room 1.10 and Mercury Room)

ELIXIR session (Room 1.10)

Trainers: Michal Prochazka (ELIXIR-CZ), Mikael Linden (ELIXIR-FI)

09:00 Coffee and arrivals
09:15 Introduction to ELIXIR AAI
10:45 Coffee break
11:00 Integrating a SAML SP to the ELIXIR AAI
12:30 Lunch
13:30 Group management in ELIXIR
15:00 Coffee break
15:15 Integrating ELIXIR groups into the SAML SP
16:15 Wrap-up and post-workshop questionnaire
16:30 Close

DARIAH session (Mercury Room)

Trainers: Peter Gietz, Martin Haase (DARIAH-DE / DAASI International)

09:00 Coffee and arrivals
09:15 Introduction to the DARIAH AAI
10:45 Coffee break
11:00 Configuring the Shibboleth SP for the DARIAH AAI (Overview, and Hands-On Part I)
12:30 Lunch break
13:30 Configuring the Shibboleth SP for the DARIAH AAI (Hands-On Part II)
15:00 Coffee break
15:15 Options for connecting your SP with DARIAH AAI
16:15 Wrap-up and post-workshop questionnaire
16:30 Close

Preparation

Please read the following documentation before the workshop:

Things to bring to the training

For the training you need a moderately powerful laptop with:
  • a WiFi interface
  • at least 2GB RAM
  • at least 10GB available hard drive space
  • Virtual Box/VMware Player must be installed (see below) together with the workshop VM image you downloaded and tested like described below.
Note that the laptop should not be older than 3-4 years. Otherwise, running the VirtualBox VM might very slow. Please also make sure you have administrator/root privileges for this laptop!

Download and Test Workshop VM Image

In order to ensure every participant has a working setup for the hands-on sessions, we kindly ask you to perform the following steps before the event. Only little time will be available to troubleshoot basic VirtualBox/VMware/OS problems at the event itself.
  1. Download and install VM solution: Virtual Box VMware Player or VMware Fusion work too but Virtual Box is recommended Under Windows Vista or newer, please use the administrator account to install the software!
  2. Download and uncompress the Workshop VM Image (ca. 1.7 GByte) from: http://swit.ch/AAI-Workshop-VM-2016-Manchester.zip
  3. Open/import the SP Training VM image with VirtualBox or VMWare
  4. Start the Training VM image. You should see how the guest system (Ubuntu 14.04 LTS) starts. After the boot process, Firefox should be opened automatically. The page you should see is the workshop page, so: http://anenadic.github.io/2016-03-15-elixir-aai-workshop-manchester/ - If you see this page, the VM Image has network connectivity and all should be ok. You can now turn off the VM image. (you might change the keyboard settings and other GUI preferences but please don't change anything else) - If you don't see this page, your laptop probably is not connected to the Internet or then there is another problem. If you don't manage to resolve the issues, please let us know before the training.