Changes between Version 12 and Version 13 of BbConnect
- Timestamp:
- 09/20/12 15:55:10 (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
BbConnect
v12 v13 15 15 16 16 I believe that this is now rectified. I have now loaded the same cert for both the recipient and sender portals. Here are the URLs. 17 [N.B. the dependence of the URLs - really entity IDs - on the certificate! see warning below!] 17 18 18 19 Recipient Portal: 19 20 https://sso.blackboardconnect.com/SAML/Portal/7B9070E4D2DE4195A8B530EE72266AB0 20 [subsequently corrected to: 21 https://sso.blackboardconnect.com/SAML/Connect/9F95200F70EB4E8F844320653CCD97A8 21 [subsequently revised to: 22 https://sso.blackboardconnect.com/SAML/Portal/E0D069C2563D4D63A14CBB95D6845C25 23 ] 24 22 25 23 26 Sender Portal: 24 27 https://sso.blackboardconnect.com/SAML/Connect/6F0CEAB5A3704F84A767DFA3CC6CEBF7 25 28 [subsequently revised to: 29 https://sso.blackboardconnect.com/SAML/Connect/9F95200F70EB4E8F844320653CCD97A8 30 ] 31 }}} 26 32 27 }}}28 33 29 34 see "Connect SSO Implementation Manual" (too large to attach) 30 35 31 36 BBC uses "unsolicited" or "IdP initiated" SSO. That means that, rather than responding to a user's request and redirecting the user's browser to the IdP for authentication and attributes, BBC requires us to send a SAML assertion with user authentication and required attributes. This is accomplished in the Shibboleth IdP by setting up a URL that invokes a profile (or "end point") specifically for unsolicited SSO ("idp/profile.SAML2/Unsolicited/SSO") and includes the (encoded) relying party entity id above. 37 38 BBC also crafts the entityID [~URL] of the service based on the certificate used to sign the SAML assertion (attached). Note that means that ''if and when the UA IdP certificate is changed, these entity IDs will change, requiring changes to the sp-metadata file, the relying-party.xml file, and the attribute-filter.xml files'', as each of these requires the explicit entity ids of the services to which the IdP will send assertions. 32 39 33 40 For BBC entities above, those URLs are: