== [[https://iam.alaska.edu/|IAM]] / [[https://iam.alaska.edu/projects|Projects]] / [[https://iam.alaska.edu/shib|Shibboleth]] / [[ServiceCandidates|Service Integrations]] / Blackboard Transact == Blackboard Transact is to be used with eAccounts to support Tapingo - online meal order and payment. Transact used for payment transactions with web clients; eAccounts (LDAP enabled, not Shibb) on mobile devices. David !DeWolfe is primary technical contact with these vendors. Transact Service Provider (SP) is configured and tested through an administrative portal at Blackboard. For the UA integration, David !DeWolfe used this console in consultation with Blackboard and IAM. Transact integration was unique to UA IAM (as of 2014) in using TWO IdP profiles; it took several weeks of conversation to realize that the SP requests authentication per usual, receives the SAML assertion from the IdP, BUT THEN ignores or discards the attributes and makes a SECOND call to the IdP using !AttributeQueryProfile to retrieve attributes. The configuration below reflects this SP behavior. 1. Custom relying party for Transact in relying-party.xml in the relying parties section: {{{ }}} 2. Blackboard metadata provider is also configured in relying-party.xml in the metadata provider section: {{{ }}} 3. Blackboard Transact relies on a NameID with particular format to identify the user (rather than ePPN or other usual attributes). A previous integration (Okta) relied on a similar NameID, so we are re-using the NameID constructed for Okta in attribute-resolver.xml: {{{ }}} 4. Blackboard Transact processes attributes based on their !FriendlyNames rather than actual names, and also requires specific !FriendlyNames for the attributes consumed. So these custom attributes are encoded in attribute-resolver.xml: {{{ }}} 5. Finally, to release these unique attributes to Bb Transact, the following policy was added to attribute-filter.xml: {{{ }}}