For schools that are not members of a federation included in EduGAIN, Compilatio can provide a Shibboleth Service Provider reserved for a school's private IDentity Provider (IDP). The IDP and the SP will communicate directly with each other, without intermediaries.
The IDP must be compatible with Shibboleth SP v3.
Features
SSO | Yes |
Types of authorized users | Teachers, institutional staff, doctoral students |
Customization possible? | Yes, this is the main characteristic of this authentication |
Steps to implement authentication
- The requesting establishment must create an IDentity Provider (IDP) and provide us with the IDP's metadata.
- The establishment must release the user account attributes that will be used for authentication. A typical configuration uses the following attributes:
  - mail: contains the user's e-mail address
  - eduPersonPrincipalName (eppn): contains a unique identifier for the user account
  - sn: contains the user's last name
  - givenName: contains the user's first name
  - eduPersonPrincipalAffiliation: contains the user's role. This attribute can be used to filter access to the Compilatio service (students are not authorized to use Magister+ services).

  Other attributes can be used, in particular as the attribute for the access filter.
- Based on the metadata, Compilatio creates a Service Provider (SP) dedicated to this IDP.
- Compilatio communicates the SP's metadata to the institution, which integrates it into the IDP's configuration.
- A test phase is generally necessary to adjust the attributes released by the IDP and the SP's access filter. It is preferable for the establishment to send a test account to Compilatio to carry out these tests.
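
For the test phase, the establishment can check what its IDP releases for the test account before sending it to Compilatio. The script below is an added example, not Compilatio's or Shibboleth's code: it reads a SAML AttributeStatement, reports which of the attributes listed above are missing, and applies a deny-by-default role filter. The role values, the `sample` helper and the test identity are constructed assumptions.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Attribute names exactly as listed on this page.
REQUIRED = ["mail", "eduPersonPrincipalName", "sn", "givenName"]
# The page allows another attribute to carry the access filter; change it here.
FILTER_ATTR = "eduPersonPrincipalAffiliation"
# Hypothetical role values; the real ones are agreed during the test phase.
ALLOWED_ROLES = {"teacher", "staff", "doctoral-student"}


def released_attributes(xml_text):
    """Map FriendlyName (or Name) to the list of non-empty values released."""
    attrs = {}
    for attr in ET.fromstring(xml_text).iter(SAML + "Attribute"):
        key = attr.get("FriendlyName") or attr.get("Name")
        values = [(v.text or "").strip() for v in attr.findall(SAML + "AttributeValue")]
        attrs.setdefault(key, []).extend(v for v in values if v)
    return attrs


def check_release(xml_text):
    """Report missing attributes and the outcome of the role filter.

    Signature and audience validation are the SP's job and are not done here.
    """
    attrs = released_attributes(xml_text)
    missing = [name for name in REQUIRED + [FILTER_ATTR] if not attrs.get(name)]
    roles = {r.lower() for r in attrs.get(FILTER_ATTR, [])}
    # Deny by default: an absent, empty or unknown role never grants access.
    allowed = bool(roles & ALLOWED_ROLES)
    return {"missing": missing, "roles": sorted(roles), "allowed": allowed}


def sample(role, with_mail=True):
    """Constructed AttributeStatement for a fictitious test account."""
    rows = [("eduPersonPrincipalName", "jdoe@school.example"),
            ("sn", "Doe"), ("givenName", "Jane"), (FILTER_ATTR, role)]
    if with_mail:
        rows.append(("mail", "jdoe@school.example"))
    body = "".join(
        f'<saml:Attribute FriendlyName="{n}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, v in rows)
    return ('<saml:AttributeStatement '
            f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">{body}'
            "</saml:AttributeStatement>")


if __name__ == "__main__":
    for role in ("teacher", "student", ""):
        print(repr(role), check_release(sample(role)))
```
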