Versions Compared

Old Version 6

changes.mady.by.user Viacheslav Bessonov

Saved on

compared with

New Version 7

changes.mady.by.user Viacheslav Bessonov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. User authenticates to the Circulation Manager. It works in exactly the same way as in the previous case: users will have to authenticate themselves against IdP either by entering credentials on the IdP’s form or using other mechanisms setup in the IdP’s settings.
  2. User authenticates to SAML proxy/EZProxy. This should not require users to authenticate themselves against IdP. However, they may be shown a consent screen asking them to confirm using their credentials with a different SP (either SAML proxy or EZProxy).

Configuration

You can find information about SAML Authentication Provider's configuration in SAML-based authentication for patrons requires certain configuration to be set up to work correctly. Configuration parameters are described in the table I.

Table I. Circulation Manager SP’s Configuration

...

Parameter Name

...

Mandatory

...

Description

...

Service Provider’s XML metadata

...

Yes

...

SAML metadata of the Circulation Manager\'s Service Provider in an XML format. MUST contain exactly one SPSSODescriptor tag with at least one AssertionConsumerService tag with Binding attribute set to urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.

You can use OneLogin SAML Tools to build SP metadata

...

Service Provider’s private key

...

No

...

Private key used for encrypting and signing SAML requests

...

Identity Provider’s XML metadata

...

Yes

...

SAML metadata of Identity Providers in an XML format.

MAY contain multiple IDPSSODescriptor tags but each of them MUST contain at least one SingleSignOnService tag with Binding attribute set to urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.

You can use OneLogin SAML Tools to build IdP metadata

...

Internal signing secret for OAuth and SAML bearer tokens

...

No

...

Secret used for signing Bearer tokens issued by SAML authentication provider and used by client applications to confirm their authentication status

Setting up a SAML authentication provider in Circulation Manager

To set up a new SAML authentication provider in Circulation Manager you need to create a new authentication provider and set its type to SAML 2.0 Web SSO. After that you need to fill in mandatory parameters described above and show on the picture below:

  • Name 
  • Service Provider’s XML Metadata
  • Identity Provider’s XML Metadata

Image Removed

If you want SAML assertions to be encrypted you need to set up an SP’s private key in Optional Fields group:

Image Removed

After you filled in all the parameters, you can link this provider to a library using Libraries group and then click on Submit to finish article.

Testing

You can find information about testing in SAML Testbed article.

...