Overview
A Single Sign-On (SSO) authentication system allows a student to use a single set of login credentials to sign in to multiple software applications.
Security Assertion Markup Language (SAML) is the open standard that allows identity providers (IdPs) to pass authorization credentials to service providers.
BibliU's Metadata
You can find BibliU's metadata details here:
https://bibliu.com/Shibboleth.sso/Metadata
In general, BibliU can quickly and easily configure the institution's Single Sign On environment.
Required Attributes
EntityID
A globally unique name for an Identity Provider.
https://idp.<institutionname>.ac.uk/shibboleth
entryPoint
The endpoint that is dedicated to handling SAML transactions.
Where BibliU should send a user to log into the Identity Provider's SSO environment.
staticField
The attribute we can use to uniquely and non-transiently identify users.
e.g. urn:oid:0.9.2342.19200300.100.1.3 = email
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 = eduPersonTargetedID
Certificate
The signing certificate used to encrypt/decrypt user authentication.
Static ID
BibliU can define any attribute passed by an IdP to be used as the static identifier of the user. Our preference for user identification is:
- Student Email address
- Non-transient unique identifier (i.e. one that remains constant between sessions)
BibliU does not support transient unique identifiers. The motivation for this is that users should be able to synchronise their annotations between sessions, and thus we need something that will identify a user consistently.
Learning Management Systems / Virtual Learning Environment Coordination
It is preferred that the unique identifier used in a Single Sign On environment matches the unique identifier shared by your institution's LTI identifier. This allows students to log in through either system seamlessly.
Log-out Callbacks
BibliU does not support authentication endpoints for signing users out of their Single Sign On session.
Entity ID
For most institutions the default Entity ID is:
https://bibliotech.education/entity
Callback URL/Reply URL
For most institutions the default callback URL is:
https://bibliu.com/users/samlcallback