Making it Easier to Federate
InCommon Shibboleth Workshop
March 17 – 18, 2020
Hosted by Rice University
6100 Main St., Houston, TX 77005
Looking to deploy InCommon-ready Shibboleth Service and Identity Providers in a way that’s easy to install and manage? Want first-hand experience with the world of containers and how they can make your life easier? Plan to join us for the next InCommon Shibboleth Installation Workshop.
This two-day session will focus on the InCommon Trusted Access Platform packaged software (formerly known as TIER) — including configuration and operation. Both the Identity and Service Provider packages can be pre-configured to integrate out of the box with the InCommon Federation using recommended defaults.
Thinking about modernizing your operations? Join us and learn about the DevOps approach to managing your development and operations and how you can use the Docker containerized version of the software to streamline your work load. All of the training is done on a AWS-based virtual machine (VM) in our training environment, so you won’t need to know the details about containers.
The Fine Print
What to expect:
- A two-day, directed self-paced workshop
- Hands-on configuration and operation of the identity provider and service provider software
- Experienced trainers providing overviews and one-on-one help
- Discussions on configuration and suggested practices for federation
- Attendance is limited to 30
The workshops will offer the chance to:
- Install prototype Shibboleth identity and service provider containers in our training environment
- Gain experience with the Docker container version of the Shibboleth IdP and SP
- Discuss how to configure and run the software in production
- We will also discuss integration with other identity management components
Knowledge of identity management concepts and related implementation experience is strongly recommended.
|Collaboration Success Program Alumni||InCommon Participant||Non-Participant|
|Early Bird Rate*||$1,500||$1,800||$2,300|
*Early Bird rates apply through February 7, 2020
Ample caffeine and snacks are included in the tuition rate (morning break service, lunch, and an afternoon break service)
Directions and Parking
The workshop will be held hosted by Rice University. The campus maps can be found here.
The Rice University campus is in southwest central Houston at 6100 Main St. Rice is located across Main Street from the Texas Medical Center and is convenient to Reliant Park, downtown, the Museum District, the Rice Village and Hermann Park, which includes the Houston Zoo, an 18-hole golf course and the Houston Museum of Natural Science.
The training will be held in the lecture rom 280 (second floor) of the BioScience Research Collaborative center.
The most accessible parking location is next door to the training facility, at the BioScience Research Collaborative parking garage, rates are $11 per day.
There is a wide variety of hotels in Houston walking distance to the training facility, meeting all price points. There is not a room block reserved for the training participants.
Recommended hotels can be found here. Please be sure to ask for a Rice discount rate when booking!
These hotels are closest to campus:
- Hotel ZaZa (approx. ¼ mile from the Rice Campus) – 5701 Main Street – (713) 526-1991
- Houston Marriott Medical Center (approx. ¾ mile from the Rice Campus) – 6580 Fannin Street – (713) 796-0080
- Hilton Houston Plaza/Medical Center – 6633 Travis Street – (713) 313-4000
Rice University is served by both the William P. Hobby airport and the George Bush International airports. Latest information for each can be found here.
- Hobby Airport is the closest airport to the university (about a 30-minute drive in favorable traffic conditions).
- George Bush Intercontinental Airport, which is much larger, is generally just under an hour’s drive away, but the drive can take longer in peak traffic times.
- Shuttle bus service is available from Bush Intercontinental Airport and Hobby Airport to most hotels in the Rice University area. For more information, contact Airport Express at 713-523-8888. Taxi service to the university costs about twice as much as the airport shuttle bus, and limousine service is typically twice the taxi rate. Uber and Lyft are also available. Please visit their respective sites for estimated fares.
- Directions to campus from Hobby:Take the main airport exit, which is Broadway Boulevard. Follow Broadway Boulevard to I-45. Follow I-45 north to Highway 59. Follow Highway 59 south to the Greenbriar exit. Upon exiting, go south (left) on Greenbriar to Rice Boulevard. Turn left onto Rice Boulevard. The campus will be on your right.
- Directions to campus from George Bush Intercontinental airport:Take Beltway 8 east to Highway 59. Follow Highway 59 south to the Greenbriar exit (you will pass Loop 610, I-10 and I-45 before you reach Greenbriar). Upon exiting, go south (left) on Greenbriar to Rice Boulevard. Turn left onto Rice Boulevard. The Rice campus will be on your right.
Before You Arrive
Read and follow the preparation instructions:
We use VMs hosted on Amazon Web Services – these will be available the day of the class, so there is nothing you need download ahead of time.
Please note that the training requires you to bring a laptop.
- You will need to have either an RDP client (for Windows) or SSH client (for Linux), plus root access to modify your /etc/hosts files, depending on your choice of operating system for this class.
- The training makes use of Virtual Machines (VMs) derived from Amazon Marketplace Images (AMI) loaded on Amazon Web Services. The training team will provide access instructions when you arrive for the first day of the training.
- You will need root/administrator access on the computer you will be bringing to class so that you can modify the local hosts file.
- Your VM will be available during the training and for two weeks after the training, should you opt to keep the VM open. After two weeks, the VM will no longer exist, so be sure to save anything you need within two weeks of the end of the training.
- DevOps, Docker and Internet2 packaged software (overview/background)
- Internet2’s Packaged Shibboleth IdP Training (https://spaces.at.internet2.edu/x/3BX9Bg)
- Planning Your IdP Service
- Authentication, attributes, LDAP, containers
- The Internet2 Packaged Shibboleth Docker IdP (see details on the wiki)
- The IdP Container
- Deploying the container
- Container Lifecycle
- Build your config
- Build a Docker image
- Understanding configuration files and options
- Run the container
- Making configuration changes
- Planning Your IdP Service
- A word about the InCommon-ready configuration and InCommon Baseline Expectations
- Advanced IdP Tasks
- Customizing the login page
- IdP-Initiated SSO
- Advanced Attribute Filter Policies
- Scripted Attributes
- Deliberate Failure
- SP installation and configuration (use Internet2 packaged container)
- Reinforce key concepts about DevOps, containers, Internet2 packaged software
- Federated identity, SSO, and attributes
- Understanding the Shibboleth SP
- Authentication process – attributes, assertions
- How applications see and use information
- The SP container – creation and deployment
- Simple resource protection
- Application integration – more art than science
- Advanced Discussion Topics
- Dealing with XML
- SAML proxies
- Per-entity metadata
- Discovery services
- Error handling
- Scopes, attributes, and metadata filtering
- Working/dealing with vendors
Tuesday and Wednesday, March 17 – 18, 2020
- 8:30 – check-in Opens
- 9:00 – 10:30 – welcome, introductions, background, begin install
- 10:30 – 10:45 – break
- 10:45 – 12:00 – session
- 12:00 – 1:00 – lunch
- 1:00 – 3:00 – session
- 3:00 – 3:15 – break
- 3:15 – 5:00 – session
Cancellations received on or before 11:59:59 PM EST on March 6, 2020 are entitled to a full conference refund less a $20 administrative fee. There will be no refunds after this date. If you cancel after 11:59:59 PM EST on March 6, 2020 and have not paid by any other means, your credit card will be charged the cost of the registration fee. If you cancel your registration after 11:59:59 PM EST on March 6, 2020, you may name another person from your organization to take your place for meetings that allow transferred registrations. To cancel, transfer, or make changes to your registration, please contact firstname.lastname@example.org. Thank you
Any person who attends an Internet2 event or workshop grants permission to Internet2 to use and publish his or her image or likeness collected in connection with the event for any usual and customary purpose of Internet2, including promotion of Internet2 and its programs.
As part of this event, participants in this conference may be videotaped, audiotaped, or otherwise recorded, and this footage may be edited, streamed, archived, broadcast, and otherwise retained by Internet2 or made available to the public. By participating in this conference, Participant consents to Internet2 performing these actions, and agrees to hold harmless Internet2 and its affiliates, members, trustees, agents, officers, contractors, volunteers, and employees against any and all legal claims arising out of, by reason of, or caused by the performance of these actions or other use or distribution of any footage.
(Updated July 1, 2015)
Internet2 values your privacy. We recognize that you may be concerned about how we will treat the information that you share while registering for an event through our website (www.internet2.edu).
2. WHAT THIS POLICY COVERS
3. WHAT INFORMATION IS COLLECTED
When you register for an event hosted by Internet2, we may ask you to provide information including, but not limited to, your name, gender, title, institution/affiliation, mailing address, email address, phone number, and fax number. If you are paying an event registration fee with a credit card, we may collect the credit card number, credit card expiration date, and the cardholder’s name. When applicable to the event, we also may ask you about meal preferences, allergies, special needs, and emergency contact information.
4. WHY WE COLLECT THIS INFORMATION
We collect your information for organizational purposes relating to the event you will be attending. We also may use your contact information to communicate with you about Internet2 news and events. We collect credit card information so we can process and record your transaction, properly bill your account, and issue you a receipt. If you choose to provide your gender, we use this information strictly for statistical reporting purposes and will not associate your name or other personal information with your gender in such reporting.
5. WHAT THIRD PARTIES, IF ANY, IS THE DATA SHARED WITH
As a long-standing organizational practice, we may post an event attendee list, including attendee names and institutions, on the event website (Internet2 members or others with InCommon credentials may log in to access attendee email addresses). We post this information online as a service for conference participants, offering a convenient way for the community to collaborate. Internet2 does not sell the contact information of event attendees. Visitors to our website are not permitted to sell, harvest, or generate mailing lists from the event attendee list, nor should they use it for promotional purposes.
Also, as a benefit of sponsoring our events, sponsors receive an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable. We closely coordinate with sponsors so that attendees receive information of value about the sponsor, and not just sales materials.
Occasionally, third parties from the research and education community request event attendee lists for purposes of developing surveys, identifying community needs, or collecting data that will be used in research projects that will benefit the community. Upon request, we will share with these third parties an event attendee list including attendee names, titles, institutions, postal addresses, phone and fax numbers, as applicable.
We will never store or share with third parties the credit card information we collect from you. Protected health information (PHI) may be shared with third parties only with your permission and to the extent necessary to accommodate your needs at an event. PHI is deleted from our records following completion of the event.
6. HOW WE SECURE YOUR INFORMATION
Internet2 uses industry-standard methods to maintain the security of the information you provide us. However, we cannot guarantee that such information will never be accessed, used or released in a manner that is inconsistent with this policy, and we expressly disclaim any liability for any loss, misuse, alteration or unauthorized disclosure of your information.
7. HOW YOU CAN OPT OUT
The opportunity to opt out of any of the lists described in Section V. above is available during the registration process. Additionally, any recipient of an automatically-generated email from Internet2 may unsubscribe from future messages via a link at the bottom of each message.
8. ACCESS TO PERSONAL INFORMATION AND OPPORTUNITY TO UPDATE INFORMATION
9. NOTICE FOR UPDATES AND CHANGES TO POLICY
10. WHO TO CONTACT IF YOU HAVE QUESTIONS