Articles in this section

SSO Integrations: SAML / Shibboleth / OpenAthens

Tom Bruining
  • Updated
Follow

Overview

A Single-Sign-On (SSO) authentication system allows a student to have a single set of login credentials to sign them into multiple softwares/applications

Security Assertion Marked up Language (SAML) is the open standard that allows identity providers (IdP) to pass authorization credentials to service providers

 

Introductory Video

 

Video Explainer

 

Federated Service Provider

BibliU is a member of the UK Federation, and as result part of the EduGAIN federation which generally gives it access to most international federations.

You can find BibliU's federation details here:

https://bibliu.com/Shibboleth.sso/Metadata 

In general, if an institution is a member of the UK Federation, or another federation, BibliU can quickly and easily configure the institution's Single Sign On environment.

Required Attributes 

EntityID
A globally unique name for an Identity Provider.
https://idp.<institutionname>.ac.uk/shibboleth
entryPoint
The endpoint that is dedicated to handling SAML transactions.
Where BibliU should send a user to log into the Identity Provider's SSO environment.
staticField
The attribute we can use to uniquely and non-transiently identify users.
e.g. urn:oid:0.9.2342.19200300.100.1.3 = email
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 = eduPersonTargetedID
Certificate
The signing certificate used to encrypt/decrypt user authentication.

Static ID

BibliU can define any attribute passed by an IdP to be used as the static identifier of the user. Our preference for user identification is:

  1. Student Email address
  2. Non-transient unique identifier (e.g. Should remain constant between sessions)

BibliU does not support transient unique identifiers. The motivation for this is that users should be able to synchronise their annotations between sessions, and thus we need something that will identify a user consistently.

Learning Management Systems / Virtual Learning Environment Coordination

It is preferred that the unique identifier used in a Single Sign On environment matches the unique identifier shared by your institution's LTI identifier. This allows students to login through either system seamlessly.

Log-out Callbacks

BibliU does not support authentication endpoints for signing users out of their Single Sign On session.

Callback URL

For most institutions the default callback URL is:

https://bibliu.com/users/samlcallback

Course Assignment 

BibliU is able to integrate on a case-by-case basis with APIs, or snapshot data loads provided by institutions to automatically assign students to a defined set of relevant textbooks. 

If you would like to do this type of integration we would absolutely love to assist you. Please contact support@bibliu.com to progress this conversation. 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk