Ebook Central Admin: Authentication, SAML

Security Assertion Markup Language (SAML) is a standardized data format for exchanging authentication and authorization data between parties, such as a customer and a vendor. Based on XML and other known standards, SAML enables you to use your own directory service (such as LDAP or Active Directory) for single-sign-on to Ebook Central.

For customers using SAML on Ebook Central, your users would be taken to your own Sign In page for authentication. Users would enter the same credentials they already use for other company or library resources to sign in. User credentials would not be sent to Ebook Central.

Which SAML version is supported on Ebook Central?

We support SAML 2.0.

Which attributes are used for user ID matching?

We accept the following attributes:

EITHER eduPersonPrincipalName
OR (eduPersonPersistentID AND eduPersonScopedAffiliation)

SAML format for these attributes:

(
eduPersonPrincipalName :
urn:mace:dir:attribute-def:eduPersonPrincipalName
urn:oid:1.3.6.1.4.1.5923.1.1.1.6

eduPersonPersistentID: Format (NameQualifier!SPNameQualifier!Name)
urn:oid:1.3.6.1.4.1.5923.1.1.1.10
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent (NameID format)

eduPersonScopedAffiliation:
urn:mace:dir:attribute-def:eduPersonScopedAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.9
)

We expect standard email format in the attribute. Unsupported characters for email are ,;:<>\()[]

Are SP or IdP initiated logins supported?

We support both SP and IdP initiated logins.

What is the set-up process?

We exchange test metadata
We set up a test site and configure it using your metadata. You would do the necessary configuration using our metadata. We are unable to provide step-by-step SAML setup instructions for customer systems
We work together to verify sign in on the test site, and troubleshoot if needed
1. Our recommendation is for you to provide us with test credentials, so that we can immediately test, troubleshoot any issues, and re-test
2. We understand that you may not wish to provide credentials due to security policies or other reasons, in which we will rely on you to test
Once the testing is successful, you would send us production metadata (if different)
We configure the your production site, verify that it works, and go live