...
- SimplyE Client application initiates a SAML workflow using a link from the CM’s authentication document.
- The Circulation Manager redirects a patron to the IdP.
- IdP asks the patron to enter their credentials.
- IdP checks credentials and if they’re correct sends a SAML assertion to CM.
- The Circulation Manager verifies the SAML assertion, extracts a unique ID of the patron and generates a bearer token based on thisthat patron ID.
- The Circulation Manager redirects the client application to the callback URL specified in the authentication request.
- SimplyE Client application receives the bearer token and understand that the patron has been successfully authenticated
- The patron tries to borrow a book.
- The SimplyE Client application calls the Circulation Manager's fulfill method and passes the bearer token in the HTTP
Authorizationheader (it also passes SAML cookies to the protected URL of the content host). - The Circulation Manager redirects the client to the provider URL using they cookies provided by the IDP.
The content provider
validates the Cookies with IDP and(SP) redirects the request to the IdP (if a patron hasn’t used this SP before) which is responsible for validating cookies which then sends a SAML assertion back to the content provider SP who then provides access to the content.
- The SimplyE Client application receives a book accessible via vendor URL.
Signed URLS
| Info | ||
|---|---|---|
| ||
Needs documentation review |
When content is locally hosted in S3 there will be no need for SAML cookies because the Circulation Manager won’t need to pass cookies from the client and via redirects to get access to content (Circulation Manager will have direct access to the S3 buckets). It merely needs to the client to authenticate or be authenticated.
The workflow will contain the following stepsfollowing is an example workflow with SAML based patron Auth:
- SimplyE Client application initiates a SAML workflow using a link from the CM’s authentication document
- The Circulation Manager redirects a patron to the IdP
- IdP asks the patron to enter their credentials
- IdP checks credentials and if they’re correct sends a SAML assertion to CM
- The Circulation Manager verifies the SAML assertion, extracts a unique ID of the patron and generates a bearer token based on this
- The Circulation Manager redirects the client application to the callback URL specified in the authentication request
- SimplyE Client application receives the bearer token and understand that the patron has been successfully authenticated
- The patron tries to borrow a book
- The SimplyE Client application calls the Circulation Manager's fulfill method and passes the bearer token in the HTTP
Authorizationheader (it also passes SAML cookies but they’re not required in this case because of the reasons described above) - The Circulation Manager fulfills a book link to S3 URL, then signs it using the expiration time setting set up by an administrator and redirects to it
- The SimplyE Client application receives a book accessible via a expirable pre-signed S3 URL
...