Adding a new SAML (including Okta), Shibboleth, or ADFS configuration

Getting there

To create and manage your LibAuth profiles, go to LibApps > Admin > LibAuth Authentication.

Navigating to the Manage Authentication page


Before you begin

Before setting up your new SAML, Shibboleth, or ADFS configuration, you'll want to work with your IT staff on the following:

Permissions

Server Information

  • Do you belong to InCommon or UK Federation? If so, you'll need to know the entityID of your SAML configuration.
    • What's a federation? A federation provides a common shared framework for providing access to online resources. It uses a standard set of metadata and attributes, which makes setting up LibAuth a breeze.
  • Otherwise, obtain the URL to your SAML Metadata XML file from your IT staff.
  • If you use Shibboleth 2.x and above, ask your IT staff if your system uses a custom logout URL. This URL can be used with LibAuth.
  • If you are using SAML via Okta to log into LibApps, please note that LibApps cannot read cookies written by Okta.
    • As a result, LibApps would not know whether or not a user was already logged in. Users will still need to click the link to your LibAuth configuration on your LibApps login page.
  • Please note: LibAuth does not currently support OpenAthens.

Attributes

  • Obtain the attributes used for First Name, Last Name, and Email from your IT staff. For attribute release, use the following Name ID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
  • ADFS users, please note that the attribute format for First Name, Last Name, and Email looks like a URL: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname, etc.
  • If you want to set up group permissions, you'll need to know the names of certain attributes (such as status or department), along with their possible values.
    • For example, if you have an attribute for "Department", you'll want to know the names of the departments that you can pick from.
    • This will allow you to create group permissions so you can restrict access to things by department.

Your mileage may vary: we understand that everyone's authentication system may be set up differently than what's considered standard. Because we can't anticipate all of the possible setup variations, your mileage may vary from what's covered in these guides. Please work closely with your IT staff and don't hesitate to contact Springy Support if you need any help!
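
An added example, not Springshare's code: a pre-flight check over the SAML Metadata XML file from your IT staff that pulls out the entityID and reports whether the transient Name ID format and your First Name, Last Name, and Email attribute names are advertised. The sample metadata, the idp.example.edu host, and the preflight function are constructed for illustration; the surname and emailaddress claim URIs assume the same ADFS pattern as the givenname example above, and the check does not verify a metadata signature.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # ADFS-style prefix

# Constructed sample metadata (hypothetical IdP); emailaddress is left out on purpose.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:saml="{NS['saml']}"
    entityID="https://idp.example.edu/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>{TRANSIENT}</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.edu/adfs/ls/"/>
    <saml:Attribute Name="{CLAIMS}givenname"/>
    <saml:Attribute Name="{CLAIMS}surname"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def preflight(metadata_xml, wanted_attributes):
    """Collect the values LibAuth setup asks for and list mismatches to raise with IT."""
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD or entity declaration found in metadata")
    root = ET.fromstring(metadata_xml)
    # Works for a single EntityDescriptor or a federation aggregate (first IdP wins).
    entity = next((e for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")
                   if e.find("md:IDPSSODescriptor", NS) is not None), None)
    if entity is None:
        raise ValueError("no IdP EntityDescriptor in metadata")
    idp = entity.find("md:IDPSSODescriptor", NS)
    formats = [f.text.strip() for f in idp.findall("md:NameIDFormat", NS) if f.text]
    declared = {a.get("Name") for a in idp.findall("saml:Attribute", NS) if a.get("Name")}
    problems = []
    # Both lists are optional in metadata, so only flag a mismatch when they are present.
    if formats and TRANSIENT not in formats:
        problems.append("transient NameID format not advertised")
    if declared:
        problems += [f"attribute not declared: {name}"
                     for name in wanted_attributes if name not in declared]
    return {"entityID": entity.get("entityID"), "nameid_formats": formats,
            "declared_attributes": sorted(declared), "problems": problems}


if __name__ == "__main__":
    wanted = [CLAIMS + "givenname", CLAIMS + "surname", CLAIMS + "emailaddress"]
    for key, value in preflight(SAMPLE_METADATA, wanted).items():
        print(f"{key}: {value}")
```

An empty problems list means the metadata agrees with what you plan to enter in LibAuth; anything listed is a question for your IT staff before you save the configuration.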

Adding a new configuration for InCommon or UK Federation members

If you belong to InCommon or the UK Federation, we can automate much of the setup process for you.

  1. Click on the Add Configuration button.
  2. In the LibAuth Configuration Setup window, select your institution from the dropdown.
  3. Click the Save button to continue. The correct Server Info, Parameters, and Attributes will automatically be filled in for you.
  4. Give your configuration a name.
  5. If you'd like, you can also provide notes or details about this configuration for your reference.
  6. Select "Yes" or "No" to indicate if you would like to use your LibAuth configuration to sign into LibAuth. This will give staff the option of signing in using your authentication system, or with their LibApps username and password.
  7. Click the Save Configuration button.

Screenshot of the Add Configuration button

Selecting an InCommon or UK Federation institution

Saving a new InCommon or UK Federation configuration


Adding a new manual configuration

If you do not belong to InCommon or the UK Federation, you can still manually set up your configuration.

  1. Click on the Add Configuration button.
  2. In the LibAuth Configuration Setup window, click on the "Manual Configuration" link.
  3. Select SAML/Shibboleth/ADFS as your authentication protocol.
  4. Configure your server information & parameters.
    1. Select "Yes" or "No" to indicate if your institution is a member of InCommon.
    2. Select "Yes" or "No" to indicate if your institution is a member of UK Federation.
    3. If you do belong to InCommon or UK Federation, enter the entityID of your SAML configuration. Otherwise, enter the URL to your SAML metadata XML file.
    4. If you use Shibboleth 2.x and have a custom logout URL, enter that to use it with LibAuth.
  5. Configure the attributes released from your server.
    1. Enter the field name of the attribute that contains the user's first name.
    2. Enter the field name of the attribute that contains the user's last name.
    3. Enter the field name of the attribute that contains the user's email address.
  6. Give your configuration a name.
  7. If you'd like, you can also provide notes or details about this configuration for your reference.
  8. Select "Yes" or "No" to indicate if you would like to use your LibAuth configuration to sign into LibAuth. This will give staff the option of signing in using your authentication system, or with their LibApps username and password.
  9. Click the Save Configuration button.

Screenshot of the Add Configuration button

Clicking to set up a manual configuration

Example of setting up a SAML configuration 
