Workshop on Identity Federation Infrastructure

Dates: December 3-4, 2016
Venue: The workshop took place at Antoun Ghattas Karam e-Classroom, Jafet Library(MAP), at the American University of Beirut (AUB)MAP
Workshop was targeted on technologies which allow federated access to the services. There are various technologies which allows users to use web based and non-web based services, internet access, etc. It was primary focusing on identity federations which are used for federated access to web based services but we will touch also eduroam infrastructure.
Federated Access: effective and secure management of authentication and identity information to build a trusted environment where users can be identified electronically using a single identity to login and access variety of available resources and applications worldwide.
eduGAIN: is a service that interconnects identity federations around the world, simplifying access to content, services and resources for the global research and education community.
eduroam: is the secure, world-wide roaming access service that allows any user from an eduroam participating site to get network access at any institution connected to eduroam.


First day: Introduction into the eduroam, identity federations, eduGAIN

1. Why we need federated access to the services
2. eduroam introduction
3. Identity federation introduction
4. How to build the national federation
5. eduGAIN and how to connect to it

Second day: Shibboleth IdP 3.0 install fest

1. Introduction to the Shibboleth IdP v3
2. How to install Shibboleth IdP v3
3. How to configure Shibboleth IdP v3
4. How to connect to the national federation

Out Comes of The Workshop

Participants will have an overview of eduroam, identity federations and eduGAIN. They will be able to prepare policies and agreements which can be signed with GEANT representatives in order to connect to the global community.
Participants will know how to build national federation. They will also be able to install and configure Shibboleth v3 for the home organization and connect it to the national federation. They will know how to then connect national identity federation to the eduGAIN.


  • knowledge of local legislation concerning privacy issues
  • skills in OS administration (Linux)
  • basic knowledge of PKI (Public Key Infrastructure)

Required Equipment

  • Laptop


Michal Prochazka
Received his Ph.D. degree from the Masaryk University in Brno in 2015. He works at Masaryk University and CESNET mainly focusing on IT security and identity and access management area. In security area the major focus is targeted on authentication methods in distributed environments. 
Issue of federated identity and the concept of identity federations is one of his major scope within the identity management area. For three years he has been leading project Perun -- identity and access
management system. He is also involved in several projects like MAGIC, AARC, GN4p2, ELIXIR and EGI. He was helping with building the eduroam and the identity provider on Masaryk University.
Jan Oppolzer

Jan Oppolzer received his bachelor's degree in electrical engineering and master's degree in telecommunications engineering from Czech Technical University in Prague. He currently works for Network Identity Department at CESNET as a member of Authentication and Authorization Infrastructure team. Among his responsibilities are running Shibboleth IdP for CESNET, operating Czech academic identity federation including technical support for members and developing web-based federation metadata tool to allow easy and user-friendly metadata management. He is also a steering group delegate in international interfederation called eduGAIN and a REFEDS member.