Version 5 (modified by dabantz@…, 12 years ago)
IAM / Projects / Shibboleth / Service Candidates / Blackboard Connect
relying-party.xml as of 2012-06:
<!-- BlackBoard Connect -->
<RelyingParty id="https://ssostg.blackboardconnect.com/SAML/Connect/B46C75BF139144349190F775C38F05A9"
              provider="urn:mace:incommon:alaska.edu"
              defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
              defaultSigningCredentialRef="IdPCredential">
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
                          encryptAssertions="never"
                          encryptNameIds="never" />
</RelyingParty>
See "Connect SSO Implementation Manual" (too large to attach).
BBC uses "unsolicited" or "IdP-initiated" SSO. Rather than responding to a user's request by redirecting the user's browser to the IdP for authentication and attributes, BBC requires us to send a SAML assertion carrying the user's authentication and the required attributes. In the Shibboleth IdP this is accomplished with a URL that invokes a profile (or "endpoint") specifically for unsolicited SSO ("idp/profile/SAML2/Unsolicited/SSO") and includes the (URL-encoded) relying party entity ID above as its providerId parameter.
For the BBC entity above, that URL is: https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fssostg.blackboardconnect.com%2FSAML%2FConnect%2FB46C75BF139144349190F775C38F05A9
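An added example (not from the original wiki page or the Shibboleth project): a Python script that reads a relying-party.xml fragment like the one above, rebuilds the unsolicited SSO launch URL for each RelyingParty override, and reports which overrides set assertion or NameID encryption to "never". The wrapping RelyingPartyGroup element, its namespace declarations and the function names are assumptions; the entity ID, IdP host and attribute values are the page's.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
IDP_BASE = "https://idp.alaska.edu/idp"  # IdP base URL taken from the page

# Constructed input: the page's <RelyingParty> fragment inside an assumed
# IdP 2.x style root element that declares the namespaces the fragment uses.
SAMPLE = """<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RelyingParty id="https://ssostg.blackboardconnect.com/SAML/Connect/B46C75BF139144349190F775C38F05A9"
      provider="urn:mace:incommon:alaska.edu"
      defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
      defaultSigningCredentialRef="IdPCredential">
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
        encryptAssertions="never" encryptNameIds="never" />
  </RelyingParty>
</RelyingPartyGroup>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on element names."""
    return tag.rsplit("}", 1)[-1]

def unsolicited_sso_url(idp_base, entity_id):
    """Build the IdP-initiated launch URL; providerId is percent-encoded."""
    return f"{idp_base}/profile/SAML2/Unsolicited/SSO?" + urlencode({"providerId": entity_id})

def provider_id_from_url(url):
    """Decode providerId from a launch URL so it can be checked against config."""
    return parse_qs(urlsplit(url).query).get("providerId", [None])[0]

def audit(xml_text, idp_base=IDP_BASE):
    """List each SAML2 SSO override, its launch URL and encryption set to 'never'."""
    findings = []
    for rp in ET.fromstring(xml_text).iter():
        if local(rp.tag) != "RelyingParty":
            continue
        for pc in rp:
            if local(pc.tag) != "ProfileConfiguration" or not pc.get(XSI_TYPE, "").endswith("SAML2SSOProfile"):
                continue
            off = [a for a in ("encryptAssertions", "encryptNameIds") if pc.get(a) == "never"]
            findings.append({"entity_id": rp.get("id"), "unencrypted": off,
                             "launch_url": unsolicited_sso_url(idp_base, rp.get("id"))})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["entity_id"], "never:", ", ".join(f["unencrypted"]) or "none")
        print("  launch:", f["launch_url"])
```

When the response is delivered over the HTTP-POST binding, an unencrypted assertion passes through the user's browser, so the attributes released to a flagged relying party are readable there.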
Shibboleth wiki IdPUnsolicitedSSO
SAML 2 Technical Overview see §5.1.4
Attachments
- UAIdP.crt (1.8 KB) - added by dabantz@… 12 years ago. UA IdP X509 certificate
- BBC SSO Portal overview.pdf (110.3 KB) - added by dabantz@… 12 years ago. BBC Connect overview with attribute requirements
- attribue-resolver_BBC.rtf (3.3 KB) - added by dabantz@… 12 years ago. attribute-resolver for BBC-specific attributes
- relying-party.xml_BBC.txt (1.5 KB) - added by dabantz@… 12 years ago. fragment for 3 BBC services
- Attribute filter (release) for BBC.txt (1.1 KB) - added by dabantz@… 12 years ago.
- BBC-entity-descriptors.xml.txt (5.1 KB) - added by dabantz@… 12 years ago. metadata.xml fragment - BBC entity descriptors
- UA IdP x509 cert decoded.txt (3.3 KB) - added by dabantz@… 12 years ago. Decoded X509 certificate for UA IdP