July 24, 2006

Shibboleth and Question Mark Perception

Writing about web page http://www.questionmark.com/uk/perception/index.htm

I spent a fair bit of Thursday and Friday integrating (our newly upgraded to version 4) installation of Question Mark Perception with our Single Sign On system.

Perception does not support Shibboleth out of the box, but it does have a web integration layer called QMWise that allows external systems to push users and other data into the system bypassing Perception's internal authentication.

A project done at Leeds and funded by JISC has created a Java layer (QMShibb) that sits on top of QMWise and allows you to easily then protect that Java layer with Shibboleth or in fact any Single Sign On system you like.

QMShibb - Shibboleth enabling Questionmark Perception
QMShibb - Installing Tomcat with IIS 6
QMShibb - Installation, configuration and testing

With the help of a Perception consultant we got this working with our own Shibboleth based Single Sign On system sitting on top of the QMShibb java layer. So, hopefully we'll very soon be able to do a lot more with Perception as the old user management overhead has now more or less gone away.

To truely minimise the admin overhead, more work should be done with QMWise so that user groupings get pushing into Perception, but the removal of username/password issues will be a great time saver.

- 4 comments by 1 or more people Not publicly viewable

  1. Max Hammond

    There's an addendum that may prove helpful to services who may be running Shibboleth, rather than a totally home–brewed solution (and possibly even then): the SPIE project have created a tool (WARPe) for managing attribute release policies. QMShibb demands Shib to break its anonymity (or psuedonymity), which won't be so helpful in a federated environment, and WARPe provides a fairly nice way to control the release of attributes.

    24 Jul 2006, 18:57

  2. The JISC conference I was at last week had a demo session with the SPIE project. It was quite nice to let the users decide their own attribute release policy, but I would think in terms of usability it would be a nightmare for 99% of people. People like you and I might think twice about releasing our name and be happy going through an additional set of screens just to login somewhere, but for more people it would be horrible.

    25 Jul 2006, 09:13

  3. This is a very good point, and might possibly reflect on the issues of user education that are bound to arise in a FAM environment. Do you think there's a philosophical difference between what Internet2 want from shib, and what the majority of institutions in this country want, which seems to be [in the first instance] a working replacement for Athens?

    25 Jul 2006, 23:10

  4. I think most institutions are indeed being scared into using Shibboleth because they need an Athens replacement by July 2008 and most are not really thinking about sharing services and users with other institutions. However, I think that will come once people get their heads around what this is all going to mean. The goverment is really pushing the idea of a joined up education system in terms of a UK wide federation that links schools, colleges, universities, research institutes and commercial organisations. That federation launches in the Autumn, but will not see an immediate wide take up until there are service providers providing resources to that federation…but they won't do that until it's worth doing by the federation having members…chicken and the egg. This is basically the problem with the troublesome and slow Athens Shibboleth takeup.

    26 Jul 2006, 09:39

Add a comment

You are not allowed to comment on this entry as it has restricted commenting permissions.

July 2006

Mo Tu We Th Fr Sa Su
Jun |  Today  | Aug
               1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30


Search this blog

Most recent comments

  • One thing that was glossed over is that if you use Spring, there is a filter you can put in your XML… by Mathew Mannion on this entry
  • You are my hero. by Mathew Mannion on this entry
  • And may all your chickens come home to roost – in a nice fluffy organic, non–supermarket farmed kind… by Julie Moreton on this entry
  • Good luck I hope that you enjoy the new job! by on this entry
  • Good luck Kieran. :) by on this entry


Not signed in
Sign in

Powered by BlogBuilder