NEW PRIMO AUTHENTICATION TRANSITIONING FROM PDS TO SAML

Paul McBride | Senior Primo Support Analyst
Wei Dai | Technical Infrastructure Analyst
© 2017 Ex Libris | Confidential & Proprietary

Welcome and Introductions
• Paul McBride
  • Tier 2 Primo Senior Support Analyst
  • Joined Ex Libris in 2010
  • SME on Primo APIs
  • 10 years corporate IT application development & support
• Wei Dai
  • Infrastructure Support Specialist
  • Joined Ex Libris in 2005
  • Previously did application development for academic libraries
© 2018 Ex Libris | Confidential & Proprietary

Objectives and Target Audience
New Primo Authentication:
• Supported Authentication methods
• Cascading login
• Parallel login
Session Objective(s)
• Able to:
  • Plan for moving to the Primo Authentication Manager
  • Understand the advantages and limits of this new option
  • Configure and enable a Profile
Session Target Audience:
• New or Experienced Customers
• Systems or Technical Librarians
• Developers
• Familiarity with current authentication setup

Agenda
1 Primo Authentication Manager
2 How It Works
3 Configuration
4 Customization & Sandbox
5 Next Steps and Support Resources

Primo Authentication Manager

Primo Authentication Manager – Supported methods
• Single Sign-On: SAML, CAS
• Direct Login: LDAP, Aleph, Future: Ex Libris Cloud Identity Provider
• OAuth 2: Facebook, Google, Twitter
• Email Password-less sign in
* Cannot be used with Aleph or Voyager

Primo Authentication Manager - Features
• Parallel Login
  • Any login type (Up to 5)
• Cascading Login
  • Multiple Direct Login instances
• Attribute Mapping
  • Similar to PDS Back Office interface
  • No need for server access
• Simplified Configuration
  • Streamlined configuration for each authentication method
• Customer Configuration
  • Entirely configured and maintained by customers

Patron ID in Primo
[Diagram: the Patron ID linked to the following features]
• E-Shelf
• Personalized Results
• Saved Search
• Search Preferences (e.g. results per page)
• Saved Search Alerts
• Tags & Reviews

How It Works

Authentication & Authorization Flow
[Flow diagram involving the Authentication Authority and the Patron Information Source. Step labels as extracted: Login request; Login Success; Identity Confirmed; Return ID code; User ID confirmed; Return user information; Session created; Request user info (GUEST); Process received information]

OAuth 2 – Authentication Flow
[Flow diagram. Step labels as extracted: Send email invitation; Choose OAuth system and send request; Login request; User consents (Facebook, Google, Twitter); Token received; Adding social ID to user identifiers; Request userID; Identity Confirmed; Return ID code; Session created; Request user info (GUEST); Create and deliver access-token & Social ID; Token Verified; Send confirmation]

Request & Loans API
[Flow diagram. Step labels as extracted: Load Alma iFrame; Request URL + Session ID; Start Verification process; Session ID; Find user by session ID; User Identity; User verified and authorized; Request / Loan information; Request/Loan Displayed]

Configuration

Configuration
1 Configuring a Profile
2 Cascading Login
3 Parallel Login
4 Attribute & Value Mapping
5 Alma Configuration

Configuration
Ongoing Configuration Wizards > User Authentication Wizard

SAML Configuration

CAS Configuration

LDAP Configuration
• Certificate must be signed by a certificate authority recognized by Primo

Cascading Login Profile – Creating

Cascading Login Profile – Profile Selection

Cascading Login Profile

Attribute & Value Mapping Example
• User information source parameters
• Defaults used for Aleph

Attributes List
Attribute: Description
• email_address: The user’s email address. Primo will use this email address if the user does not have an email address defined in Primo. If the EMAIL_OVERRIDE authentication parameter has been enabled, the value of this attribute will override the email address defined for the user in Primo. For Alma the default mapping is email_address.
• group: The user group. For Alma the default mapping is group.
• id: The user ID. For Alma the default mapping is id.
• ils_api_id: The ID used for OPAC via Primo in case it is not the same as the regular ID. For Alma there is no default mapping because this attribute is not required for Alma.
• institute: The Primo institution. This attribute can be used if there is a need to override the institution that the user signed in with (that is, the institution of the view). For Alma there is no default mapping because the Primo institution defaults to the institution of the active view. If you want to override the institution of the view, you can specify an Alma attribute.
• name: The name that displays for the user in the Primo Front End. For Alma the default mapping is userName.
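The precedence rules in the attribute list above, modelled as an added example (not Ex Libris code and not part of the original slides). Function names, record fields and sample values are hypothetical; the attribute names, the Alma default mappings and the EMAIL_OVERRIDE behaviour come from the slide, and the fallback of ils_api_id to id and the refusal of a login without an id are assumptions.

```python
# Added illustration of the attribute rules on the slide above; not Primo code.
# Function names, record fields and sample values are hypothetical.

ATTRIBUTES = ("email_address", "group", "id", "ils_api_id", "institute", "name")

# Constructed sample: the Alma default mappings named on the slide.
ALMA_DEFAULTS = {"email_address": "email_address", "group": "group",
                 "id": "id", "name": "userName"}
SAMPLE_SOURCE = {"id": "jdoe01", "group": "STAFF", "userName": "Jane Doe",
                 "email_address": "jane.doe@example.edu"}


def map_attributes(source_record, mapping):
    """Translate source fields to Primo attributes ({primo_attr: source_field})."""
    unknown = set(mapping) - set(ATTRIBUTES)
    if unknown:
        # Reject typos so an attribute is never silently dropped.
        raise ValueError(f"unknown Primo attributes: {sorted(unknown)}")
    return {attr: source_record[field] for attr, field in mapping.items()
            if source_record.get(field) not in (None, "")}


def build_session(mapped, primo_user, view_institution, email_override=False):
    """Apply the precedence rules from the attribute list to one login."""
    if not mapped.get("id"):
        # Assumption: a login without a user ID is refused.
        raise ValueError("mapped attributes contain no 'id'")
    stored_email = primo_user.get("email")
    mapped_email = mapped.get("email_address")
    # The mapped address is a fallback unless EMAIL_OVERRIDE is enabled.
    if mapped_email and (email_override or not stored_email):
        email = mapped_email
    else:
        email = stored_email
    return {
        "id": mapped["id"],
        # Assumption: the regular ID is used when no separate OPAC ID is mapped.
        "ils_api_id": mapped.get("ils_api_id", mapped["id"]),
        # institute, when mapped, overrides the institution of the active view.
        "institution": mapped.get("institute", view_institution),
        "group": mapped.get("group"),
        "name": mapped.get("name"),
        "email": email,
    }


if __name__ == "__main__":
    attrs = map_attributes(SAMPLE_SOURCE, ALMA_DEFAULTS)
    print(build_session(attrs, {"email": "old@example.edu"}, "MAIN"))
```

With EMAIL_OVERRIDE enabled, the address asserted by the user information source replaces the one stored in Primo, so that source becomes the authority for where saved-search alerts and similar mail are sent.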

Alma Configuration – Primo PDS URL
• Update the primo_pds_url
  • Found under Alma > General Configuration > Configuration Menu > General Configuration > Other Settings
  • Set it to a URL formatted like: http://<host>:<port>/primo_library/libweb/webservices/rest/PDSUserInfo?

Alma Configuration – Patron Identifier
• Check patron record for identifier value and make sure they have the “Patron” permissions
• The secondary identifiers are case sensitive

Customization & Sandbox

Parallel Login
Code Tables -> User Login

Direct Login
• https://knowledge.exlibrisgroup.com/Primo/Product_Documentation/060Back_Office_Guide/040Primo_User_Authentication/080Login_Pages_for_User_Authentication

Sandbox Testing
In Alma
• Update primo_test_pds_url to your Primo Sandbox
• Add the Primo Sandbox FE IP addresses to PDS IPs table
In Primo
• Append &env_type=test to the Template Code field of
  • almasingle_services
  • Almaviewit_remote
  • Almagetit
  • Almasingle_service_remote
  • almaviewit_services
  • almagetit_services
  • Almasingle_service
  • Almaviewit

Next Steps and Support Resources
• Customer Knowledge Center
  • Primo User Authentication
  • Attribute Mapping
  • Primo Authentication configured and working but Alma GetIt still wants me to sign in
• Changing to vanity URL:
  • Working with custom domain names on hosted Ex Libris environments
    https://knowledge.exlibrisgroup.com/Primo/Knowledge_Articles/Working_with_custom_domain_names_on_hosted_ExLibris_environments
• Additional support resources within the Ex Libris Ecosystem:
  • Idea Exchange
  • System Status Pages: Single Tenant ENV / Multi-Tenant ENV
  • Developer Network
  • Technical Seminar Presentations (located in the Cross-Product section of the CKC)

Q&A
Any Questions?

Session Feedback
We Value Your Feedback!
Please complete the brief Session Comment Card:

THANK YOU
Wei.Dai@exlibrisgroup.com
Paul.McBride@exlibrisgroup.com