Security Assertion Markup Language (SAML) is a standardized data format for exchanging authentication and authorization data between parties, such as a customer and a vendor. Based on XML and other known standards, SAML enables you to use your own directory service (such as LDAP or Active Directory) for single sign-on to Ebook Central.
For customers using SAML on Ebook Central, your users would be taken to your own Sign In page for authentication. Users would enter the same credentials they already use for other company or library resources to sign in. User credentials would not be sent to Ebook Central.
Which SAML version is supported on Ebook Central?
We support SAML 2.0.
Which attributes are used for user ID matching?
We accept the following attributes:
EITHER eduPersonPrincipalName
OR (eduPersonPersistentID AND eduPersonScopedAffiliation)
SAML format for these attributes:
- eduPersonPrincipalName: urn:mace:dir:attribute-def:eduPersonPrincipalName, urn:oid:1.3.6.1.4.1.5923.1.1.1.6
- eduPersonPersistentID: Format (NameQualifier!SPNameQualifier!Name), urn:oid:1.3.6.1.4.1.5923.1.1.1.10, urn:oasis:names:tc:SAML:2.0:nameid-format:persistent (NameID format)
- eduPersonScopedAffiliation: urn:mace:dir:attribute-def:eduPersonScopedAffiliation, urn:oid:1.3.6.1.4.1.5923.1.1.1.9
We expect standard email format in the attribute. Unsupported characters for email are ,;:<>\()[]
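Added example, not Ebook Central's own code: a pre-flight check an IdP administrator could run on a test assertion to confirm that the released attributes satisfy the matching rule above. The function names and the sample assertion are constructed, and applying the email-format and unsupported-character rule to eduPersonPrincipalName is an assumption. The check parses only your own IdP's output and does no signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."
MACE = "urn:mace:dir:attribute-def:"
NAMES = {  # attribute names as listed above, keyed by the label this page uses
    "eduPersonPrincipalName": {MACE + "eduPersonPrincipalName", OID + "6"},
    "eduPersonPersistentID": {OID + "10"},
    "eduPersonScopedAffiliation": {MACE + "eduPersonScopedAffiliation", OID + "9"},
}
UNSUPPORTED = set(",;:<>\\()[]")  # characters the page lists as unsupported
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # loose shape check (assumption)

# Constructed sample: a test assertion as your own IdP might release it.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
   <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

def released(assertion_xml):
    """Map attribute label -> non-empty values found in the assertion."""
    found = {}
    for attr in ET.fromstring(assertion_xml).iter(NS + "Attribute"):
        label = next((l for l, n in NAMES.items() if attr.get("Name") in n), None)
        # itertext() also picks up a value nested in a <NameID> element
        vals = ["".join(v.itertext()).strip() for v in attr.iter(NS + "AttributeValue")]
        if label and any(vals):
            found.setdefault(label, []).extend(v for v in vals if v)
    return found

def check_release(assertion_xml):
    """Return a list of problems; empty means the matching rule is met."""
    found = released(assertion_xml)
    problems = []
    pair = {"eduPersonPersistentID", "eduPersonScopedAffiliation"}
    if "eduPersonPrincipalName" not in found and not pair <= found.keys():
        problems.append("release eduPersonPrincipalName, or both of " + ", ".join(sorted(pair)))
    for value in found.get("eduPersonPrincipalName", []):  # assumption: email rule applies here
        bad = sorted(UNSUPPORTED & set(value))
        if bad:
            problems.append(f"unsupported characters {bad} in {value!r}")
        elif not EMAIL.fullmatch(value):
            problems.append(f"{value!r} is not in email format")
    return problems
```

An attribute released with an empty value is treated as not released, which is the failure this check is most likely to catch before metadata is exchanged.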
Are SP or IdP initiated logins supported?
We support both SP and IdP initiated logins.
What is the set-up process?
- We exchange test metadata
- We set up a test site and configure it using your metadata. You would do the necessary configuration using our metadata. We are unable to provide step-by-step SAML setup instructions for customer systems.
- We work together to verify sign in on the test site, and troubleshoot if needed
- Our recommendation is for you to provide us with test credentials, so that we can immediately test, troubleshoot any issues, and re-test
- We understand that you may not wish to provide credentials due to security policies or other reasons, in which case we will rely on you to test
- Once the testing is successful, you would send us production metadata (if different)
- We configure your production site, verify that it works, and go live
NOTE: SAML authentication on Ebook Central requires custom setup by our development team. Be aware that it can take several weeks to complete the setup due to the need to schedule the work alongside other engineering priorities and to complete any troubleshooting that is needed. We complete the setup on a test site so that your existing live Ebook Central site remains accessible during the setup period.