FAQ content

Adding a new Shibboleth configuration to LibAuth

In this article

Before you begin

Before setting up your new Shibboleth configuration, you'll want to work with your IT staff on the following:

Permissions

  • Your IT staff must add Springshare as an authorized service provider using the appropriate Entity ID for your region unless your site automatically adds InCommon service providers (see the InCommon Federation Technical Guide for more info). When setting up a manual SAML configuration, you will find a link to the Entity ID at the top of the Configuration tab.

The Entity ID link under the Configuration tab

Server Information

  • Obtain the URL to your SAML Metadata XML file from your IT staff.
  • If you use Shibboleth, 2.x and above, ask your IT staff if your system uses a custom logout URL. This URL can be used with LibAuth.

Attributes

  • Obtain the attributes used for First Name, Last Name, and Email from your IT staff. For attribute release, use the following Name ID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  • If you want to set up optional group permissions, you'll need to know the names of certain attributes (such as status or department), along with their possible values.
    • For example, if you have an attribute for "Department", you'll want to know the names of the departments that you can pick from.
    • This will allow you to create group permissions so you can restrict access to things by a department.
Your mileage may vary: we understand that everyone's authentication system may be set up differently than what's considered standard. Because we can't anticipate all of the possible setup variations, your mileage may vary from what's covered in these guides. Please work closely with your IT staff and don't hesitate to contact Springy Support if you need any help!

Getting there

LibApps Admin users can create and manage LibAuth configurations by going to LibApps > Admin > LibAuth Authentication.

Navigating to the Manage Authentication page
LibApps admin-level users can access LibAuth settings via the LibApps dashboard, under Admin > LibAuth Authentication.

Adding a new manual configuration

From the Admin > LibAuth Authentication page:

  1. If you have not yet created a LibAuth configuration, skip to Step 2. Otherwise, click on the Add Configuration button to create another one.

Screenshot of the Add Configuration button

  1. Below the Search for Your Institution dropdown, click on the Manual Configuration link.

Clicking to set up a manual configuration

  1. Select SAML/Shibboleth/ADFS as your authentication protocol.

selecting the SAML / Shibboleth / ADFS protocol

  1. Configure your server information & parameters.
    1. Select "No" for the InCommon membership option.
    2. Select "No" for the UK Federation membership option.
    3. Enter the URL to your SAML metadata XML file.
    4. If you use Shibboleth 2.x and have a custom logout URL, enter that to use it with LibAuth.

server info and parameters fields

  1. Configure the attributes released from your server.
    1. Enter the field name of the attribute that contains the user's first name (optional, but recommended).
    2. Enter the field name of the attribute that contains the user's last name (optional, but recommended).
    3. Enter the field name of the attribute that contains the user's email address (required).

attributes fields

  1. Give your configuration a name.
  2. If you'd like, you can also provide notes or details about this configuration for your reference.
  3. Click the Save Configuration button.

general fields and save configuration button