JIS Vol.6 No.3, July 2015
Evaluating the Efficiency and Effectiveness of a Federated SSO Environment Using Shibboleth
ABSTRACT
This project grew out of our practical use of the Shibboleth user authentication system at the University of Bedfordshire. It has been found that the University of Bedfordshire controls access to its various services, including the student portal Breo, Learning Resources, Student Email Access and others, through Shibboleth. Like the University of Bedfordshire, other universities in the UK are also implementing Shibboleth in their access management control. The researchers of this project have therefore found it important to evaluate the efficiency and effectiveness of Shibboleth from different perspectives. The first part of this paper explains the features of Shibboleth as an SSO service and compares it with other SSO services such as Athens, Kerberos, etc. The middle section goes through the steps of installing and configuring Shibboleth. At the end of the paper, based on a survey of real users of Shibboleth at the University of Bedfordshire, the authors give their insights on the effectiveness of Shibboleth as an SSO service. Throughout this investigation, the authors applied triangulation to capture both the user and the service provider viewpoints on Shibboleth. Although some problems persisted, the authors also implemented the Shibboleth system successfully in order to identify different problems and to assess its efficiency and effectiveness. Recommendations and a conclusion are provided at the end of this project.

Cite this paper
Kamal, P., Mustafiz, S., Rahman, F. and Taher, R. (2015) Evaluating the Efficiency and Effectiveness of a Federated SSO Environment Using Shibboleth. Journal of Information Security, 6, 166-178. doi: 10.4236/jis.2015.63018.