...

After you have filled in all the parameters, link this provider to a library using the Libraries group, then click Submit to finish.

Testing

The SAML testbed can be used for testing SAML authentication in Circulation Manager.

Using the testbed in client applications

Fetch the authentication document: 

Code Block
GET http://cm.hilbertteam.net/authentication_document 
  • Show the available IdPs to the patron using a table, dropdown or other UI controls.
  • After the patron selects a particular IdP, authenticate them with the Circulation Manager.
    In the browser, open the authentication link of the selected IdP. It has the following format:
    http://cm.hilbertteam.net/SAML/saml_authenticate?redirect_uri=<REDIRECT_URI>&provider=<PROVIDER>&idp_entity_id=<IDP_ENTITY_ID>
    where
    • REDIRECT_URI is a URL where CM will redirect the browser after successful authentication.
    • PROVIDER is the name of the used authentication provider (currently, there is only one - SAML 2.0)
    • IDP_ENTITY_ID is the entityID of the selected IdP

    For example:

Code Block
GET http://cm.hilbertteam.net/SAML/saml_authenticate?redirect_uri=http%3A%2F%2Fcm-test.hilbertteam.net%2Flogin&provider=SAML+2.0
  • During the authentication process the patron’s browser will be redirected to the Shibboleth IdP authentication page, where they will need to enter the following credentials (they are hardcoded in the LDAP instance used by Shibboleth IdP):
    • Username: student1
    • Password: password

  • After successful authentication the patron’s browser will be redirected to the URL specified in REDIRECT_URI with the following additional parameters:
    • access_token containing a Bearer token
    • patron_info containing a JSON document with patron’s metadata

    For example:

Code Block
GET http://cm-test.hilbertteam.net/login?access_token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJTQU1MIDIuMCIsInRva2VuIjoie1wibWFpbFwiOiBcInN0dWRlbnQxQGlkcHRlc3RiZWQuZWR1XCIsIFwiZmlyc3RfbmFtZVwiOiBcIlN0dWRcIiwgXCJsYXN0X25hbWVcIjogXCJFbnRcIiwgXCJ1aWRcIjogXCJzdHVkZW50MVwifSJ9.trmLC4JQDaeGK4d0O8sbOtHvk32KR6ksQZOTg_mD67U&patron_info=%7B%7D
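
The client side of the steps above, as an added example (not code from Circulation Manager or the testbed): it builds the saml_authenticate link with percent-encoding, accepts the callback only on the REDIRECT_URI that was requested, and decodes the token payload without verification to show what is readable from the URL. It assumes the access token has the three-segment JWT form of the sample token on this page; the IdP entityID and the sample token are constructed values.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlsplit

CM_BASE = "http://cm.hilbertteam.net"  # testbed host used on this page

def build_authenticate_url(redirect_uri, provider, idp_entity_id):
    """Build the saml_authenticate link with every parameter percent-encoded."""
    query = urlencode({"redirect_uri": redirect_uri, "provider": provider,
                       "idp_entity_id": idp_entity_id})
    return f"{CM_BASE}/SAML/saml_authenticate?{query}"

def parse_callback(callback_url, expected_redirect_uri):
    """Return (access_token, patron_info) from the redirect back to the client."""
    got, want = urlsplit(callback_url), urlsplit(expected_redirect_uri)
    # Only accept the callback on the exact location that was sent as REDIRECT_URI.
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the requested redirect_uri")
    params = parse_qs(got.query, keep_blank_values=True)
    tokens = params.get("access_token", [])
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("expected exactly one non-empty access_token")
    patron_info = json.loads(params.get("patron_info", ["{}"])[0])
    return tokens[0], patron_info

def peek_claims(token):
    """Decode the middle segment of a JWT-shaped token WITHOUT verifying it.
    For inspection only: it shows what anyone who sees the URL can read."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("token is not in three-segment JWT form")
    padded = segments[1] + "=" * (-len(segments[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample values (not real testbed output).
REDIRECT_URI = "http://cm-test.hilbertteam.net/login"
SAMPLE_TOKEN = ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                         _b64url({"iss": "SAML 2.0"}), "c2lnbmF0dXJl"])
SAMPLE_CALLBACK = f"{REDIRECT_URI}?access_token={SAMPLE_TOKEN}&patron_info=%7B%7D"

if __name__ == "__main__":
    print(build_authenticate_url(REDIRECT_URI, "SAML 2.0", "https://idp.example.org/shibboleth"))
    token, patron = parse_callback(SAMPLE_CALLBACK, REDIRECT_URI)
    print(peek_claims(token), patron)
```

Because the token payload is only base64url-encoded, a client should treat the callback URL as sensitive and keep it out of logs and browser history where it can.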

...

For example, to download the book use the fulfill endpoint in the browser: 

Code Block
GET http://cm.hilbertteam.net/BASIC/works/7/fulfill/2
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJTQU1MIDIuMCIsInRva2VuIjoie1wibWFpbFwiOiBcInN0dWRlbnQxQGlkcHRlc3RiZWQuZWR1XCIsIFwiZmlyc3RfbmFtZVwiOiBcIlN0dWRcIiwgXCJsYXN0X25hbWVcIjogXCJFbnRcIiwgXCJ1aWRcIjogXCJzdHVkZW50MVwifSJ9.trmLC4JQDaeGK4d0O8sbOtHvk32KR6ksQZOTg_mD67U

...

  • The patron’s browser will be redirected to the OPDS URL.
  • The OPDS SP will redirect the patron’s browser to the IdP.
  • The IdP will use the active authentication session and will return a SAML assertion to the OPDS SP.
  • The OPDS SP will ask the patron to confirm that they agree to federate their credentials with OPDS by showing the consent screen.

  • After the patron clicks on Accept, their browser will be redirected to the book.

You can find information about testing in the SAML Testbed article.