Leave a comment

Authentication for Windows services using SWITCH edu-ID?

Are you running a Microsoft Windows Service (e.g. Sharepoint) with non-public content connected to your organisational Active Directory (AD)? Do you want to make content available to specific external users, e.g. users with a SWITCH edu-ID? This article is for you.

While Windows Authentication remains based on Active Directory Servers, the gap between the Windows and the Shibboleth world has become bridgeable, thanks to new features in ADFS 2016.

Imagine yourself running some Microsoft Windows service such as a Sharepoint instance. You probably need to configure external authentication. This is, and always was, straightforward if you can attach Active Directory Servers to the Sharepoint instance. However, it used to turn out a bit more cumbersome if you wanted to base your external authentication on a non-Windows service like e.g. a Shibboleth IdP[1]. In short, supporting regular SWITCHaai was difficult for Windows services.

Thankfully, this has changed. ADFS 4.0, being a part of Windows Server 2016 has improved interoperability with SAML 2.0, which allows for use of a Shibboleth IdP when serving authentication requests from Windows services.

Peter M. Studer, one of the Identity Management (IdM) specialists at the University of Bern, has recently posted a blog (in German), which explains in detail how to deploy an ADFS server as a proxy to an IdP within SWITCHaai, in particular as a proxy to the SWITCH edu-ID IdP.

We find this step-by-step tutorial extremely helpful and will set up an appropriate proof of concept locally. This may be a first step towards integration of SWITCH edu-ID authentication for Windows services. If you are interested in learning more about the proof of concept, please contact us!

[1] IdP: Identity Provider

P.S.: There’s – at least – one more thing that has to be sorted out before such an idea can go into production: the metadata signature check. Any resource in a federation needs to properly link into the trust chain, something which is well prepared for resources based on Shibboleth software, but can be hard for others – yet.


Leave a comment

SWITCH edu-ID Now Speaks Italian

The user interface to create and manage a SWITCH edu-ID account was originally available in English. It was translated to French and German half a year ago.

We are happy to announce that the Italian translation of the user interface is ready and can be used as of today.

Together with the Italian user interface we have also translated and released the SWITCH edu-ID terms of use in French, German and Italian.

If you have comments or suggestions for translation enhancements please don’t hesitate to contact us.


Consultation on draft of federal E-ID law

At its meeting on 22 February 2017, the Swiss Federal Council opened a consultation on legislation on electronic identification (E-ID law, see announcements: DE, FR, IT). The consultation ended 29 May 2017.

SWITCH participated in this consultation and confirms the importance of a well-functioning and generally accepted E-ID. The identity service SWITCH edu-ID/SWITCHaai could potentially benefit from such an E-ID legislation: either to start offering an E-ID function itself, or by consuming E-ID services. Such use cases – from SWITCH and from other parties – may become important drivers for the spread of E-ID beyond pure e-government applications and for the emergence of an general-purpose E-ID ecosystem.

After evaluating the proposed delivery model in the draft E-ID-law, SWITCH proposes its revision. To ensure swift implementation and to reduce risks and complexity, SWITCH urges that the proposed market model be abandoned in favour of an implementation by the Swiss Confederation itself or by mandating it to a third party.

If the market model is to be pursued nevertheless, SWITCH proposes the use of a multi-stakeholder expert group to resolve the many open questions arising from the draft. If this group can not achieve its objectives, the market model is to be abandoned once and for all in favour of the proposed government-driven implementation model for an E-ID.

You are invited to read the full answer of SWITCH to the consultation (in German): 20170529 Vernehmlassungsantwort SWITCH E-ID-Gesetzesentwurf.

 


Bye-bye Cloud ID – Welcome SWITCH edu-ID

About 27,000 people have got mailing from the SWITCH edu-ID team April 19:
Instead of their former Cloud ID account, SWITCH edu-ID would be used as from 1st May  2017 in order to access the services SWITCHdrive and SWITCHengines.

But how should the vast majority of those users, who did not already have a SWITCH edu-ID account, come to such an identity?

Changeover without effort for 98% of users

The usual way to generate a SWITCH edu-ID account is self-registration – this in line with the principle of user centrism. However, in this case the new accounts were generated automatically in order to spare users effort.
Users who have linked their SWITCH edu-ID account with their existing AAI account(s) have substantially facilitated proper account assignment and account aggregation during conversion. Continue reading


Swiss edu-ID Update Event 2017

Save the date: Thursday 29 June 2017

The focus is put this year on an update about the project Swiss edu-ID and the service SWITCH edu-ID, whose deployment starts in 2017.
Note that no SWITCHaai specific topics are foreseen.

The event will take place June 29 , 11:00 – 16:15, in Berne at UniS, Schanzeneckstrasse 1, room A-126.

Preliminary Programme:

11:00 – 12:00   SWITCH edu-ID for beginners (for people not already familiar with SWITCH edu-ID)

12:00 – 13:15   Arrival for afternoon participants and Lunch
(afternoon participants are warmly welcome to take lunch with us)

13:15 – 14:30   Pilots and current project status

14:30 – 14:55  Coffee break

14:55 – 16:15    Status Migration Strategies, roadmap and next steps

16:15                 End of event

 

Update 2016-06-01: Registration site with updated agenda