Changes between Version 6 and Version 7 of BBCShibIntegration


Timestamp:
05/30/13 14:24:40 (12 years ago)
Author:
dabantz@…
Comment:

--

  • BBCShibIntegration

    v6 v7  
    1414 
    1515[[Image(https://iam.alaska.edu/shib/attachment/wiki/BBCShibIntegration/Bbimage1.png)]] 
     16 
     171.3 As documented in Connect SSO Implementation Manual, open the ADMIN tab, Choose "Settings" then "Single Sign On Configuration Setup" 
     18 
     19[[Image(https://iam.alaska.edu/shib/attachment/wiki/BBCShibIntegration/Bbimage2.png)]] 
     20 
     21to bring up the dialog to enable SSO and upload your certificate in this dialog: 
     22 
     23[[Image(https://iam.alaska.edu/shib/attachment/wiki/BBCShibIntegration/Bbimage3.png)]] 
     24 
     251.4 Upload your IdP's X509 certificate using the controls in the web form.  
     26 
     271.5 Determine the unique entity id ("url") for your SSO-enabled service(s). 
     28[BBC will have to describe just how you find that url in the interface!] 
     29The entity id for the staging (testing) service will have a format like: 
     30https://ssostg.blackboardconnect.com/SAML/Connect/B46C75BF139144349190F775C38F05A9 
     31The entity id for your production portal for end users will have a format like: 
     32https://sso.blackboardconnect.com/SAML/Portal/E0D069C2563D4D63A14CBB95D6845C25 
     33The entity id for your production instance of Connect (at UA we call this the "Sender Portal" available only to those who can trigger alerts) will have a format like https://sso.blackboardconnect.com/SAML/Connect/9F95200F70EB4E8F844320653CCD97A8 
     34 
     35=== (2) Configure your IdP for BBC service(s). === 
     36The Shibboleth IdP relies on several xml files for knowing whether and how to communicate with services to assert authentication and attributes for authenticated users. Metadata for service providers (SPs) in the !InCommon federation can be consumed automatically, but BBC services are not in !InCommon, so you must add metadata specifically for BBC. In addition, you will likely have to generate specific attributes for BBC (in attribute-resolver.xml) and set an appropriate release policy to send those attributes to BBC (in attribute-filter.xml). 
     37 
     38 
     39(2.1) Add descriptors and certificates for BBC services into the metadata used by your IdP. Your IdP will be configured to consume metadata from one or more files. Add EntityDescriptor elements - including the entityIDs from step 1 and a certificate for each of the BBC services to be integrated to one of these files (order in which EntityDescriptors are listed or read is immaterial). As of this writing, the certificate itself is not actually used, so any certificate will do! Even though not actively used, a certificate must be present. The entityID must exactly match the entityID from step 1. 
     40example (a more complete example is in the appendix):
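Review bot: step (2.1) tells readers that "any certificate will do" in the BBC EntityDescriptor, which leaves the IdP holding a stand-in key for these services. The certificate in an SP's metadata is the key a Shibboleth IdP uses if it encrypts assertions to that SP or verifies signatures on requests from it, so a placeholder becomes the trusted key as soon as either is turned on. Suggest stating which certificate to put there (preferably one supplied by BBC) and adding a line that it must be replaced if BBC begins to use it. Also in this hunk: the bracketed line under 1.5 ("BBC will have to describe just how you find that url in the interface!") is an open TODO left in the instructions, and if the three entity IDs under 1.5 are real tenant identifiers rather than samples, they should be marked as examples or replaced with placeholders.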