Changes between Version 12 and Version 13 of BbConnect


Timestamp:
09/20/12 15:55:10 (12 years ago)
Author:
dabantz@…
Comment:

--

  • BbConnect

    v12 v13  
    1515 
    1616I believe that this is now rectified.  I have now loaded the same cert for both the recipient and sender portals.  Here are the URLs.   
     17[N.B. the dependence of the URLs - really entity IDs - on the certificate!  see warning below!] 
    1718  
    1819Recipient Portal: 
    1920https://sso.blackboardconnect.com/SAML/Portal/7B9070E4D2DE4195A8B530EE72266AB0 
    20 [subsequently corrected to: 
    21 https://sso.blackboardconnect.com/SAML/Connect/9F95200F70EB4E8F844320653CCD97A8 
     21[subsequently revised to: 
     22https://sso.blackboardconnect.com/SAML/Portal/E0D069C2563D4D63A14CBB95D6845C25 
     23] 
     24 
    2225  
    2326Sender Portal: 
    2427https://sso.blackboardconnect.com/SAML/Connect/6F0CEAB5A3704F84A767DFA3CC6CEBF7 
    25   
     28[subsequently revised to: 
     29https://sso.blackboardconnect.com/SAML/Connect/9F95200F70EB4E8F844320653CCD97A8 
     30] 
     31}}} 
    2632 
    27 }}} 
    2833 
    2934see "Connect SSO Implementation Manual" (too large to attach) 
    3035 
    3136BBC uses "unsolicited" or "IdP initiated" SSO.  That means that, rather than responding to a user's request and redirecting the user's browser to the IdP for authentication and attributes, BBC requires us to send a SAML assertion with user authentication and required attributes.  This is accomplished in the Shibboleth IdP by setting up a URL that invokes a profile (or "end point") specifically for unsolicited SSO ("idp/profile.SAML2/Unsolicited/SSO") and includes the (encoded) relying party entity id above. 
     37 
     38BBC also crafts the entityID [~URL] of the service based on the certificate used to sign the SAML assertion (attached).  Note that means that ''if and when the UA IdP certificate is changed, these entity IDs will change, requiring changes to the sp-metadata file, the relying-party.xml file, and the attribute-filter.xml files'', as each of these requires the explicit entity ids of the services to which the IdP will send assertions. 
    3239 
    3340For BBC entities above, those URLs are:
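Review bot: The added warning at v13 line 38 says the entity IDs change whenever the UA IdP certificate changes, but nothing in the Recipient and Sender blocks ties a listed URL to a certificate. Each block now carries the original URL plus a "[subsequently revised to: ...]" URL with no date or certificate reference, so a reader cannot tell which ID matches the certificate currently loaded. Suggest noting beside each URL which certificate it was derived from (fingerprint or validity dates) and marking the earlier values as superseded, so that the sp-metadata, relying-party.xml and attribute-filter.xml entries can be checked against the current ID after a rollover. The removed "[subsequently corrected to:" note had the Connect URL ending 9F95200F70EB4E8F844320653CCD97A8 under Recipient Portal, and v13 lists it under Sender Portal, so it is worth confirming that the Recipient entries in those three files no longer reference it. In the unchanged context at v13 line 36 the endpoint is written "idp/profile.SAML2/Unsolicited/SSO"; the Shibboleth IdP path is "idp/profile/SAML2/Unsolicited/SSO", which could be corrected in the same edit.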