A Single-Sign-On (SSO) authentication system allows a student to have a single set of login credentials to sign them into multiple softwares/applications
Security Assertion Marked up Language (SAML) is the open standard that allows identity providers (IdP) to pass authorization credentials to service providers
Federated Service Provider
BibliU is a member of the UK Federation, and as result part of the EduGAIN federation which generally gives it access to most international federations.
You can find BibliU's federation details here:
In general, if an institution is a member of the UK Federation, or another federation, BibliU can quickly and easily configure the institution's Single Sign On environment.
A globally unique name for an Identity Provider.
The endpoint that is dedicated to handling SAML transactions.
Where BibliU should send a user to log into the Identity Provider's SSO environment.
The attribute we can use to uniquely and non-transiently identify users.
e.g. urn:oid:0.9.2342.19200300.100.1.3 = email
urn:oid:22.214.171.124.4.1.59126.96.36.199.10 = eduPersonTargetedID
The signing certificate used to encrypt/decrypt user authentication.
BibliU can define any attribute passed by an IdP to be used as the static identifier of the user. Our preference for user identification is:
- Student Email address
- Non-transient unique identifier (e.g. Should remain constant between sessions)
BibliU does not support transient unique identifiers. The motivation for this is that users should be able to synchronise their annotations between sessions, and thus we need something that will identify a user consistently.
Learning Management Systems / Virtual Learning Environment Coordination
It is preferred that the unique identifier used in a Single Sign On environment matches the unique identifier shared by your institution's LTI identifier. This allows students to login through either system seamlessly.
BibliU does not support authentication endpoints for signing users out of their Single Sign On session.
For most institutions the default callback URL is:
BibliU is able to integrate on a case-by-case basis with APIs, or snapshot data loads provided by institutions to automatically assign students to a defined set of relevant textbooks.
If you would like to do this type of integration we would absolutely love to assist you. Please contact firstname.lastname@example.org to progress this conversation.
Please sign in to leave a comment.