![[PDF]](images/pdf.png)
GILEAD
Introduction & Outline
The University of Leeds is applying for funding which will enable us to become an early adopter of Shibboleth technology. The proposal is brought on behalf of the University through a partnership between Information Systems Services (ISS), the University Library and the Faculty of Biological Sciences. The University is currently engaged in a major initiative which aims to provide simplified or single sign-on capability to a wide range of internal and external information systems. As part of this endeavour the University aims to transition away from a number of existing access management solutions. The University resolved 18 months ago to rationalise the number of directory services on campus and has now adopted Microsoft’s Active Directory (AD) as an institution-wide LDAP service. For the first time we now have a directory which contains all students and staff and AD is now being used to authenticate access to a wide range of both Microsoft and non-Microsoft systems. The University’s aim is to reduce the number of username & password databases it has to populate and manage and the adoption of Shibboleth has been identified as an important component in our drive to simplify access to a number of commonly used teaching and research-orientated resources.
The main objectives of the proposed project, Gilead, are to (i) as a prototype, use Guanxi derived Shibboleth Origins to test federation arrangements between Leeds and Manchester Universities; (ii) modify a number of existing resources to act as Shibboleth Targets and (iii) as the ultimate goal, move to using a University of Leeds institutional Shibboleth Origin, testing this with different attribute sources. The project will run from March 2005 – March 2006. It is anticipated that the main objectives of authenticating access to our VLE via our Shibboleth Origin and use of the Athens-Shibboleth Gateway Service will be operational in time for the start of the 2005/06 Academic Year.
Project Description
Creation of a Shibboleth Origin
In pursuance of its strategic aim to move towards simplified and single sign-on, the University of Leeds is seeking to implement an institution-wide Shibboleth Origin. It is intended that the Origin will use secure LDAP to authenticate users against the University’s Active Directory. We will also investigate authorisation via the use of multiple Attribute Stores including our Student Information Management System (which is based on SCT Banner), Active Directory, SAP HR and SQL databases. It is our intention to use the implementation of Shibboleth provided and supported by Eduserv rather than the Internet2 download.
The University of Leeds wishes to adopt Shibboleth as the main access management solution for access to Athens-controlled resources. Through the creation of our institutional Shibboleth Origin and the use of the Athens-Shibboleth gateway provided by Eduserv we hope to remove the requirement to issue individual Athens accounts to our users. Our Origin will use our Active Directory via LDAP to authenticate users.
Bodington.org [is now involved in Guanxi, a JISC funded project to enable systems based on Bodington to act as both a Shibboleth Target and a Shibboleth Origin. It is our intention to build on the work done as part of the Guanxi project by building the Shibboleth Target functionality derived from their work into our production Bodington-based systems and use our institutional Shibboleth Origin to authenticate and authorise access to them. This will be done via the University’s Active Directory which now contains all staff and students. Users are already familiar with their AD credentials as they are already widely used to access public PC, Exchange and the student webmail service. Direct authentication to Bodington Common against Active Directory was considered but has been ruled out. Using Shibboleth as a mediator will also enable access to Bodington Common’s resources from students at other institutions who are running their own Shibboleth Origins. This work will also involve the integration of our VLE with our Student and Staff Management Information Systems (SAP and Banner) using them as an Attribute Store or copying the information into a separate attribute store.
Creation of Shibboleth Targets
The project will also develop a number of Shibboleth Targets.
- British Education Index
- WUNLearn Bodington Server
- mvnForum Bulletin Board
- Scion’s Bioinformatics Resources
Further information: http://www.leeds.ac.uk/iss/projects/gilead/