KNF:SSOnotification/en: verschil tussen versies
(add cat and title) |
|||
Regel 33: | Regel 33: | ||
#*Click on 'Naar dienst' ('To service') |
#*Click on 'Naar dienst' ('To service') |
||
#'''The user is now logged in and subsequently the user attributes that were used during the login process are shown.''' |
#'''The user is now logged in and subsequently the user attributes that were used during the login process are shown.''' |
||
+ | |||
+ | == Implementation using an Iframe == |
||
+ | * To implement SSO notification in an Iframe the following script should be placed within the Iframe: http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Kennisnet_federatie/Plug-ins/EntreeSSONotificatie.txt |
||
+ | * To implement SSO notification in Sharepoint 2007 the following webpart should be used: http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Kennisnet_federatie/Plug-ins/Entree.SSO.1.0.3.wsp |
||
+ | * To implement SSO notification in other Sharepoint versions the script (http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Kennisnet_federatie/Plug-ins/EntreeSSONotificatie.txt) should be placed in a hidden webpart. |
||
+ | |||
+ | Two variables in the script have to be edited: |
||
+ | * '''var eloid''': contains the unique identifier (Entity Id) of the Kennisnet Federation coupling |
||
+ | * '''var elourl''': the location/domain where the script is hosted |
||
+ | |||
+ | == Implementation using a redirect == |
||
+ | The following url has to be invoked: |
||
+ | <br> |
||
+ | <nowiki>https://aselect.entree.kennisnet.nl/openaselect/profiles/entree?id=<identifier of the coupling>&url=<url encoded url>&redirectUri=<url encoded url></nowiki> |
||
+ | |||
+ | For example: |
||
+ | https://aselect.entree.kennisnet.nl/openaselect/profiles/entree?id=http://authenticate.example.org&url=http%3A%2F%2Fwww.example.org&redirectUri=http%3A%2F%2Fwww.example.org |
||
+ | |||
+ | The URL has to be whitelisted by Kennisnet, you need to provide this URL to Kennisnet. |
||
[[Categorie:Kennisnet Federatie]] |
[[Categorie:Kennisnet Federatie]] |
Versie van 1 okt 2015 11:57
Kennisnet Federation: SSOnotification
Nederlands | English |
If a school has its own connection with the Kennisnet Federation (for example an ELE or an ADFS) there is the possibility to skip the inlog screen of Entree. This is done via the use of a cookie, which is set after the user has logged in on his own environment (for example an intranet page or the homepage of re ELE).
The cookie only contains information about the school on the basis of which the correct school is selected in the Entree inlog screen.
To show the advantage of SSOnotification follow the two scenarios beneath.
Example without SSOnotification:
To simulate this scenario follow these steps:
- The student/teacher logs in on the ELE/Active directory
- Go to: Reference ELE
- The student/teacher clicks on a link to learning material
- Click on 'Naar dienst' ('To service')
- You're going to the WAYF (Where Are You From) screen. There's no information available about the school the user is coming from.
- Select 'Inloggen via je school' ('Login by school')
- Then select 'Referentie Klant Organisatie' ('Reference customer organisation')
- Click on 'verder' ('next')
- This step is unique for our Reference ELE, because of the possibility to enter dummy data. Normally the user attributes are sent through the back channel
- Enter the dummy data
- Click on 'Naar dienst' ('To service')
- The user is now logged in and subsequently the user attributes that were used during the login process are shown.
Example with SSOnotification:
To simulate this scenario follow these steps:
- The student/teacher logs in on the ELE/Active directory
- Go to: Reference ELE
- Click on 'SSO Notification'
- The student/teacher clicks on a link to learning material
- Click on 'Naar dienst' ('To service')
In this scenario the WAYF (Where Are You From) screen will not be shown. The system reads the cookie that is used for SSOnotification and automatically selects the correct school.
- Click on 'Naar dienst' ('To service')
- This step is unique for our Reference ELE, because of the possibility to enter dummy data. Normally the user attributes are sent through the back channel
- Enter the dummy data
- Click on 'Naar dienst' ('To service')
- The user is now logged in and subsequently the user attributes that were used during the login process are shown.
Implementation using an Iframe
- To implement SSO notification in an Iframe the following script should be placed within the Iframe: http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Kennisnet_federatie/Plug-ins/EntreeSSONotificatie.txt
- To implement SSO notification in Sharepoint 2007 the following webpart should be used: http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Kennisnet_federatie/Plug-ins/Entree.SSO.1.0.3.wsp
- To implement SSO notification in other Sharepoint versions the script (http://www.kennisnet.nl/fileadmin/contentelementen/kennisnet/Kennisnet_federatie/Plug-ins/EntreeSSONotificatie.txt) should be placed in a hidden webpart.
Two variables in the script have to be edited:
- var eloid: contains the unique identifier (Entity Id) of the Kennisnet Federation coupling
- var elourl: the location/domain where the script is hosted
Implementation using a redirect
The following url has to be invoked:
https://aselect.entree.kennisnet.nl/openaselect/profiles/entree?id=<identifier of the coupling>&url=<url encoded url>&redirectUri=<url encoded url>
The URL has to be whitelisted by Kennisnet, you need to provide this URL to Kennisnet.