wiki:BbConnect

Version 7 (modified by dabantz@…, 12 years ago)

IAM / Projects / Shibboleth / Service Candidates / Blackboard Connect

relying-party.xml as of 2012-06:

    <!-- BlackBoard Connect -->
    <RelyingParty id="https://ssostg.blackboardconnect.com/SAML/Connect/B46C75BF139144349190F775C38F05A9"
                  provider="urn:mace:incommon:alaska.edu"
                  defaultAuthenticationMethod="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
                  defaultSigningCredentialRef="IdPCredential">
        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never" />
    </RelyingParty>

On Tue, 11 Sep 2012, at 13:22 , David Stein <David.Stein@blackboard.com> wrote:

I believe that this is now rectified. I have now loaded the same cert for both the recipient and sender portals. Here are the URLs.

Recipient Portal:
https://sso.blackboardconnect.com/SAML/Portal/7B9070E4D2DE4195A8B530EE72266AB0

Sender Portal:
https://sso.blackboardconnect.com/SAML/Connect/6F0CEAB5A3704F84A767DFA3CC6CEBF7

See the "Connect SSO Implementation Manual" (too large to attach).

BBC uses "unsolicited" or "IdP-initiated" SSO. That means that, rather than responding to a user's request by redirecting the user's browser to the IdP for authentication and attributes, BBC requires us to send a SAML assertion carrying the user's authentication and the required attributes. In the Shibboleth IdP this is done by setting up a URL that invokes a profile (or "endpoint") specifically for unsolicited SSO ("idp/profile/SAML2/Unsolicited/SSO") and includes the URL-encoded relying party entity ID above as its providerId parameter.

For the BBC entities above, those URLs are:

Staging service:
https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO?providerId=https%3A%2F%2Fssostg.blackboardconnect.com%2FSAML%2FConnect%2FB46C75BF139144349190F775C38F05A9

Recipient Portal:

Sender Portal:
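Added example (not part of the original wiki page or of Shibboleth): a Python check that derives the Unsolicited SSO link for each RelyingParty in relying-party.xml and rejects links whose endpoint path or providerId does not match the configuration. The root element wrapped around the entry, the function names and the unknown-SP URL used for testing are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, quote

IDP_SSO = "https://idp.alaska.edu/idp/profile/SAML2/Unsolicited/SSO"  # from this page
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed input: the RelyingParty entry from this page inside an assumed
# root element that declares xsi, so the fragment parses on its own.
SAMPLE_CONFIG = """<RelyingPartyGroup xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <RelyingParty id="https://ssostg.blackboardconnect.com/SAML/Connect/B46C75BF139144349190F775C38F05A9"
                provider="urn:mace:incommon:alaska.edu">
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" encryptAssertions="never" encryptNameIds="never" />
  </RelyingParty>
</RelyingPartyGroup>"""

def local(tag):
    """Element name without its namespace, so namespaced files also match."""
    return tag.rsplit("}", 1)[-1]

def relying_parties(xml_text):
    """Map each RelyingParty id to the attributes of its SAML2 SSO profile."""
    found = {}
    for rp in ET.fromstring(xml_text).iter():
        if local(rp.tag) != "RelyingParty":
            continue
        found[rp.get("id")] = {}
        for pc in rp:
            if local(pc.tag) == "ProfileConfiguration" and pc.get(XSI_TYPE, "").endswith("SAML2SSOProfile"):
                found[rp.get("id")] = {k: v for k, v in pc.attrib.items() if k != XSI_TYPE}
    return found

def unsolicited_url(entity_id):
    """Unsolicited SSO link: endpoint plus the fully percent-encoded entity ID."""
    return f"{IDP_SSO}?providerId={quote(entity_id, safe='')}"

def check_link(url, configured):
    """Return (ok, reason) for a link that should start IdP-initiated SSO."""
    parts = urlsplit(url)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != IDP_SSO:
        return False, "not the Unsolicited SSO endpoint"
    ids = parse_qs(parts.query).get("providerId", [])
    if len(ids) != 1:
        return False, "expected exactly one providerId"
    if ids[0] not in configured:
        return False, "providerId is not a configured relying party"
    return True, "ok"

if __name__ == "__main__":
    rps = relying_parties(SAMPLE_CONFIG)
    for entity_id, sso in rps.items():
        print(unsolicited_url(entity_id), check_link(unsolicited_url(entity_id), rps), sso)
```

The per-party dictionary also surfaces the encryptAssertions and encryptNameIds settings, so the same pass can be used to review which relying parties receive unencrypted assertions.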

Shibboleth wiki IdPUnsolicitedSSO

SAML 2 Technical Overview see §5.1.4
