== [[https://iam.alaska.edu/|IAM]] / [[https://iam.alaska.edu/projects|Projects]] / [[https://iam.alaska.edu/shib|Shibboleth]] / [[ServiceCandidates|Service Candidates]] / Blackboard Connect ==
relying-party.xml as of 2012-06:
{{{
}}}
{{{
On Tue, 11 Sep 2012, at 13:22, David Stein wrote:
I believe that this is now rectified. I have now loaded the same cert for both the recipient and sender portals. Here are the URLs.
Recipient Portal:
https://sso.blackboardconnect.com/SAML/Portal/7B9070E4D2DE4195A8B530EE72266AB0
Sender Portal:
https://sso.blackboardconnect.com/SAML/Connect/6F0CEAB5A3704F84A767DFA3CC6CEBF7
}}}
See the "Connect SSO Implementation Manual" (too large to attach).
BBC uses "unsolicited" or "IdP-initiated" SSO. Rather than the service responding to a user's request by redirecting the user's browser to the IdP for authentication and attributes, BBC requires us to send a SAML assertion carrying the user's authentication and the required attributes. In the Shibboleth IdP this is done with a URL that invokes a profile (or "endpoint") specifically for unsolicited SSO ("idp/profile/SAML2/Unsolicited/SSO") and passes the URL-encoded relying party entity ID above as the providerId parameter.
For the BBC entities above, those URLs are:
Staging service:
https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fssostg.blackboardconnect.com%2FSAML%2FConnect%2FB46C75BF139144349190F775C38F05A9
Recipient Portal:
Sender Portal:
[[https://wiki.shibboleth.net/confluence/display/SHIB2/IdPUnsolicitedSSO|Shibboleth wiki IdPUnsolicitedSSO]]
[[http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.html|SAML 2 Technical Overview]] see §5.1.4
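The unsolicited SSO URL format described above can be generated and checked mechanically, so that a published link always names a relying party the IdP actually knows. The following is an added example, not part of the original page or of Shibboleth; the function names and the `REGISTERED_ENTITY_IDS` set (standing in for the entity IDs configured in relying-party.xml and metadata) are assumptions.

```python
from urllib.parse import parse_qsl, quote, urlsplit

# Host, path and the staging entity ID are the ones shown on this page.
IDP_HOST = "idp.alaska.edu"
UNSOLICITED_PATH = "/idp/profile/SAML2/Unsolicited/SSO"
# Assumption: this set mirrors the relying parties registered with the IdP.
REGISTERED_ENTITY_IDS = {
    "https://ssostg.blackboardconnect.com/SAML/Connect/B46C75BF139144349190F775C38F05A9",
}

def build_unsolicited_url(entity_id):
    """Return the IdP-initiated SSO link for a registered relying party."""
    if entity_id not in REGISTERED_ENTITY_IDS:
        raise ValueError("entity ID is not a registered relying party")
    # safe="" so the ':' and '/' inside the entity ID are percent-encoded too.
    return f"https://{IDP_HOST}{UNSOLICITED_PATH}?providerId={quote(entity_id, safe='')}"

def audit_link(url):
    """Return a list of problems found in a published unsolicited SSO link."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    problems = []
    if parts.scheme != "https":
        problems.append("not https")
    if parts.hostname != IDP_HOST:
        problems.append("wrong IdP host")
    if parts.path != UNSOLICITED_PATH:
        problems.append("wrong profile path")
    provider_ids = [value for key, value in params if key == "providerId"]
    if len(provider_ids) != 1:
        problems.append("providerId must appear exactly once")
    elif provider_ids[0] not in REGISTERED_ENTITY_IDS:
        problems.append("providerId is not a registered relying party")
    extra = sorted({key for key, _ in params if key != "providerId"})
    if extra:
        problems.append("unexpected parameters: " + ", ".join(extra))
    return problems

if __name__ == "__main__":
    good = build_unsolicited_url(next(iter(REGISTERED_ENTITY_IDS)))
    # Constructed bad links: a mistyped profile path and an unknown entity ID.
    samples = (
        good,
        good.replace("/profile/SAML2", "/profile.SAML2"),
        f"https://{IDP_HOST}{UNSOLICITED_PATH}?providerId=https%3A%2F%2Fexample.org%2Fsp&target=x",
    )
    for link in samples:
        print(audit_link(link) or "ok", link)
```

An empty list from `audit_link` means the link targets the unsolicited SSO endpoint on the expected host with exactly one registered `providerId` and nothing else.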