Implementation of Federated Authentication Polito


  • 8/13/2019 Implementation of Federated Authentication Polito

    Politecnico di Torino EuroCAMP 2-3-4 March 2005

    Polito Wi-Fi Group

    Implementation of federated authentication

    Cesar Pacheco

    Politecnico di Torino

    Polito Wi-Fi Case study


    Working Group

    The Polito Wi-Fi members come from Departments of Politecnico, ISPs, Research Institute and ICT companies

    Ce.S.I.T. (ICT Project and management resources)

    Group coordinator Marcello Maggiora, Cesar Pacheco, Antonio Lantieri

    DAUIN (Control and Computer Engineering)

    Antonio Lioy

    DELEN (Electronics)

    TLC Group - Fabio Neri

    GESD (Student Support Services)

    Enrico Venuto

    ISMB (Istituto Superiore Mario Boella Research Institute)

    Daniele Mazzocchi, Daniele Brevi

    Telecom Italia

    Marco Boasso

    Hewlett-Packard external support

    Cisco Systems external support


    Overview

    Politecnico di Torino Campus

    Polito Wi-Fi project

    Politecnico User databases

    Authentication methods

    WLAN Network Infrastructure

    Cisco ACS Implementation

    Proxy Radius Infrastructure

    Proxy Radius configuration for Eduroam and Telecom Italia roaming


    Politecnico di Torino Campus

    725 teachers, 600 technical and administrative employees

    27,000 students

    1000 courses for 70,000 hours/year of classes

    17 campuses in Piemonte

    10,000 fixed network points


    Politecnico di Torino Campuses

    17

    Torino: 10

    Alessandria

    Aosta

    Biella

    Chivasso

    Ivrea

    Vercelli

    Mondovì


    Polito Wi-Fi project

    The Polito WiFi Project at Politecnico di Torino started in 2003 as an initiative to implement a scalable WLAN network for the geographically dispersed campus of Politecnico di Torino.

    Features:

    Centralized management of the covered radio areas

    Centralized authentication

    Centralized access control.


    Politecnico User databases

    Politecnico Student Database

    HP Enterprise Directory Server (X.500)

    40,000 users

    [email protected]

    Personal and Teacher Database

    Stalker Communigate Pro V 4.18 (LDAP Directory)

    3,000 users

    [email protected]


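    Authentication methods

    Security level (air) by authentication model:

    802.1x EAP/TLS - WPA
      Status: Lab. test
      Mutual authentication: Client Certificate, Server Certificate
      Security level (air): data protection High; password protection -; username protection Low
      Suggested activities: Like wired polito Users

    802.1x WPA-TKIP
      Status: Field test
      Mutual authentication: Client Password, Server Certificate
      Security level (air): data protection High; password protection High; username protection Low in MS-PEAP
      Suggested activities: Like wired polito Users

    Tunnel VPN
      Status: Enabled, All areas
      Mutual authentication: Client Password
      Security level (air): data protection High; password protection High; username protection High
      Suggested activities: Like wired polito Users

    Open HTTPS SSL3
      Status: Enabled, All areas
      Mutual authentication: Client Password, Server Certificate
      Security level (air): data protection Not at network level; password protection High; username protection High
      Suggested activities: Internet Browsing, Secure Apps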


    WLAN Network Infrastructure

    [Network diagram. Labelled components: Access Point 802.11 a/b/g, SSID1, SSID2, WLAN 802.1x, WLAN Open, POE Switch (Catalyst 3550 Inline Power), Athen Backbone, ACS Radius Server, Radio Management, DHCP Server, VPN Concentrator, Firewall, Captive Portal, Informative Portal, Internet]


    Cisco ACS Implementation

    For students database
      ODBC connection to X.500
      Supports MS-CHAP authentication methods like PEAP-EAP-MSCHAP
      Limitations for digital certificates comparison

    For teachers and employees
      Bind LDAP v3 to LDAP Directory
      SAN or binary comparison for digital certificates
      Limitations for MS-CHAP authentication methods like PEAP-EAP-MSCHAP


    Proxy Radius Infrastructure

    [Diagram. Labelled components: Central Proxy Radius (handler for polito.it), Students Radius, Proxy radius (two instances), LDAP Directory, X.500, Oracle, ODBC, Bind LDAP v3, Athen Backbone, Internet, Garr, Edu-Roam, Telecom Italia]


    Proxy Radius Configuration

    Radius Servers shared secret (Polito-Garr)

    Proxy Distribution Table
      polito.it domains -> local proxy
      wifiarea.it -> Telecom Italia
      other domains -> Garr - Eduroam
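
The proxy distribution table above, written out as realm-based routing of the RADIUS User-Name. This is an added example, not the Polito configuration: the destination labels come from the slide, while the suffix-matching rule, the rejection of realm-less or malformed names, and the sample usernames are assumptions.

```python
import re

# (realm suffix, destination) in the order shown on the slide.
DISTRIBUTION_TABLE = [
    ("polito.it", "local proxy"),
    ("wifiarea.it", "Telecom Italia"),
]
DEFAULT_ROUTE = "Garr - Eduroam"  # the slide's "other domains" row

# Assumption: a realm must be dot-separated DNS-style labels; anything else
# is rejected locally instead of being forwarded to the federation.
_REALM_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")


def route(user_name):
    """Return the proxy destination for a User-Name, or None to reject it."""
    if user_name.count("@") != 1:
        return None  # no realm at all, or ambiguous "a@b@c"
    user, realm = user_name.split("@")
    realm = realm.lower()  # realms compare case-insensitively
    if not user or not _REALM_RE.match(realm):
        return None
    for suffix, destination in DISTRIBUTION_TABLE:
        # Match the realm itself or a true subdomain of it, never a
        # look-alike such as "notpolito.it" or "polito.it.example.org".
        if realm == suffix or realm.endswith("." + suffix):
            return destination
    return DEFAULT_ROUTE


# Constructed sample User-Name values (not taken from the slides).
SAMPLES = [
    "s123456@studenti.polito.it",
    "guest@wifiarea.it",
    "alice@example.ac.uk",
    "mallory@notpolito.it",
    "bob",
]


def route_samples():
    """Map each constructed sample to its routing decision."""
    return {name: route(name) for name in SAMPLES}


if __name__ == "__main__":
    for name, dest in route_samples().items():
        print(f"{name:32} -> {dest}")
```

Matching on a dot boundary is what keeps a look-alike realm from being handled by the local proxy as if it were a polito.it domain.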


    Questions Time

    Polito Wi-Fi

    http://wifi.polito.it