
Say Goodbye to WebAuth and Hello to SAML

Proposed by Adam Lewenberg, Vivien Wu, Scotty Logan

Where will the conversation continue?
shibboleth-partners@lists.stanford.edu
Adam Lewenberg and Vivien Wu gave an overview of the WebAuth-to-SAML authentication change, required by 4/30/18 for UIT and 8/30/18 for the rest of campus.
Notes

Say Goodbye to WebAuth, Hello to SAML

2017 Stanford IT Unconference

Adam Lewenberg, Vivien Wu (University IT)

Nov 30, 2017 Thursday

Notes

  • SAML (Security Assertion Markup Language) is an authentication and authorization protocol that Stanford is moving to, to power the single sign-on and identity management underlying WebLogin.

  • Key Dates

    • UIT: migrate 90% of applications from WebAuth to SAML by April 30, 2018.

      • Note: The remaining 10% are applications for which we are still planning the best transitions: a few services with deeper technical dependencies on WebAuth (e.g. WebAFS, personal www sites).

    • Other Departments: Please migrate by August 30, 2018.

  • How To: Instructions have been published to help you migrate from WebAuth to SAML (see link in resource list).

  • Additional Attributes: There are nine default metadata attributes.  To request an additional attribute, you’ll need to place a request and get data owner approval.  See Attribute policy link below.

  • Feedback from 11/30/17 Session Audience

    • Along with SP metadata, add stem or workgroup owned.

    • Provide Windows-specific instructions.

    • Targeted email to keytab owners (with drilldown if possible) would be helpful.

  • Other Questions

    • If you are interested in information from the IdP (Identity Provider), one option could be exposing it to your application in environment variables (could be available in your browser).

    • Instructions for setting up with an AWS account should follow the migration instructions (this has worked for those in the audience who tried it).

Resources

How to view a SAML response from your browser: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_saml_view-saml-response.html