Overview
A Single Sign-On (SSO) authentication system allows a student to use a single set of login credentials to sign in to multiple applications.
Security Assertion Markup Language (SAML) is the open standard that allows identity providers (IdP) to pass authorization credentials to service providers.
Federated Service Provider
BibliU is a member of the UK Federation and, as a result, part of the eduGAIN federation, which generally gives it access to most international federations.
You can find BibliU's federation details here:
https://bibliu.com/Shibboleth.sso/Metadata
In general, if an institution is a member of the UK Federation, or another federation, BibliU can quickly and easily configure the institution's Single Sign On environment.
Required Attributes
EntityID
A globally unique name for an Identity Provider.
https://idp.<institutionname>.ac.uk/shibboleth
entryPoint
The endpoint that is dedicated to handling SAML transactions.
Where BibliU should send a user to log into the Identity Provider's SSO environment.
staticField
The attribute we can use to uniquely and non-transiently identify users.
e.g. urn:oid:0.9.2342.19200300.100.1.3 = email
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 = eduPersonTargetedID
Certificate
The signing certificate used to encrypt/decrypt user authentication.
Static ID
BibliU can define any attribute passed by an IdP to be used as the static identifier of the user. Our preference for user identification is:
- Student Email address
- Non-transient unique identifier (i.e. it should remain constant between sessions)
BibliU does not support transient unique identifiers. The motivation for this is that users should be able to synchronise their annotations between sessions, and thus we need something that will identify a user consistently.
Learning Management Systems / Virtual Learning Environment Coordination
It is preferred that the unique identifier used in a Single Sign On environment matches the unique identifier shared by your institution's LTI identifier. This allows students to log in through either system seamlessly.
Log-out Callbacks
BibliU does not support authentication endpoints for signing users out of their Single Sign On session.
Callback URL
For most institutions the default callback URL is:
https://bibliu.com/users/samlcallback
Course Assignment
BibliU is able to integrate on a case-by-case basis with APIs, or snapshot data loads provided by institutions to automatically assign students to a defined set of relevant textbooks.
If you would like to do this type of integration we would absolutely love to assist you. Please contact support@bibliu.com to progress this conversation.