== Blackboard Connect ==

relying-party.xml as of 2012-06:
{{{
}}}

{{{
On Tue, 11 Sep 2012, at 13:22, David Stein wrote:

I believe that this is now rectified. I have now loaded the same cert for both the recipient and sender portals. Here are the URLs.

Recipient Portal:
https://sso.blackboardconnect.com/SAML/Portal/7B9070E4D2DE4195A8B530EE72266AB0
https://sso.blackboardconnect.com/SAML/Portal/E0D069C2563D4D63A14CBB95D6845C25

Sender Portal:
https://sso.blackboardconnect.com/SAML/Connect/6F0CEAB5A3704F84A767DFA3CC6CEBF7
}}}

See "Connect SSO Implementation Manual" (too large to attach).

BBC uses "unsolicited" or "IdP initiated" SSO. That means that, rather than responding to a user's request and redirecting the user's browser to the IdP for authentication and attributes, BBC requires us to send a SAML assertion with user authentication and required attributes. This is accomplished in the Shibboleth IdP by setting up a URL that invokes a profile (or "end point") specifically for unsolicited SSO ("idp/profile/SAML2/Unsolicited/SSO") and includes the (URL-encoded) relying party entity id above.
For the BBC entities above, those URLs are:

staging service: https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fssostg.blackboardconnect.com%2FSAML%2FConnect%2FB46C75BF139144349190F775C38F05A9

Recipient Portal: https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fsso.blackboardconnect.com%2FSAML%2FPortal%2FE0D069C2563D4D63A14CBB95D6845C25

Sender Portal: https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fsso.blackboardconnect.com%2FSAML%2FConnect%2F9F95200F70EB4E8F844320653CCD97A8

[[https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO|Shibboleth wiki IdPUnsolicitedSSO]]

[[http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html|SAML 2 Technical Overview]], see §5.1.4
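
An added example, not part of the original page or of the Shibboleth project: Python that builds the unsolicited SSO link for a relying party entity ID and audits links before they are published on a portal page. The function names, the `known_entity_ids` set and the two non-matching sample links are assumptions constructed for illustration; the endpoint and the Recipient Portal entity ID are the ones shown on this page.

```python
from urllib.parse import urlsplit, parse_qs, urlencode, quote

# Endpoint as it appears in the links on this page.
IDP_ENDPOINT = "https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO"

def build_unsolicited_url(entity_id, endpoint=IDP_ENDPOINT):
    """Return the IdP-initiated SSO link for one relying party entity ID."""
    # safe="" so that ':' and '/' inside the entity ID are percent-encoded.
    return endpoint + "?" + urlencode({"providerId": entity_id}, safe="", quote_via=quote)

def audit_link(url, known_entity_ids, endpoint=IDP_ENDPOINT):
    """Return a list of findings for one published link (empty list = clean)."""
    findings = []
    parts, expected = urlsplit(url), urlsplit(endpoint)
    if parts.scheme != "https":
        findings.append("not https")
    if (parts.hostname or "") != expected.hostname:
        findings.append("unexpected IdP host: %r" % parts.hostname)
    if parts.path != expected.path:
        findings.append("unexpected profile path: %r" % parts.path)
    params = parse_qs(parts.query, keep_blank_values=True)  # also percent-decodes
    ids = params.pop("providerId", [])
    if len(ids) != 1:
        findings.append("expected exactly one providerId, found %d" % len(ids))
    elif ids[0] not in known_entity_ids:
        findings.append("providerId is not a configured relying party: %r" % ids[0])
    if params:
        # The links on this page carry providerId only; review anything else.
        findings.append("extra parameters: %s" % sorted(params))
    return findings

# Entity ID of the Recipient Portal, taken from this page.
RECIPIENT = "https://sso.blackboardconnect.com/SAML/Portal/E0D069C2563D4D63A14CBB95D6845C25"
# Constructed samples: a clean link, a mistyped path, an unconfigured entity ID.
SAMPLES = [
    build_unsolicited_url(RECIPIENT),
    "https://idp.alaska.edu/idp/profile.SAML2/Unsolicited/SSO?providerId=" + quote(RECIPIENT, safe=""),
    build_unsolicited_url("https://sp.example.org/SAML/Connect/PLACEHOLDER"),
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", audit_link(link, {RECIPIENT}) or "ok")
```

In practice `known_entity_ids` would be filled from the relying parties actually configured on the IdP, so a link whose `providerId` was mistyped or never configured is caught before users click it.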