Eval25 Single Sign On with Shibboleth

Overview

An important component of the Eval25 System is “single sign-on” functionality for the faculty and staff users accessing the system from your institution. This is facilitated using Shibboleth (https://www.shibboleth.net/) an open source framework that provides identity management and access control.

CollegeNET supports and recommends the use of Shibboleth for Single Sign On.

CollegeNET is an InCommon Federation Sponsored Partner. (http://www.incommon.org/)

This document describes the implementation process for shibboleth integration. If you do not have an on-campus portal or web access to your SIS, we can provide other means of authenticating your users. Please email support@collegenet.com to work out the details.

Shibboleth Implementation

At the beginning of the implementation process, CollegeNET will provide you with the Assertion Consumer Service (ACS) URL of the Eval25 application to use with your shibboleth access.

It will look something like: https:/www.applyweb.com/eval/shibboleth/schoolabbr/12345

If you are an InCommon* member:

  • Provide CollegeNET with the entityID of your Identity Provider (IdP).
  • Provide CollegeNET with the name of your userID attribute.

This will be passed to CollegeNET as part of the authentication process.

We typically use uid (User ID), but we also can support ePTID (eduPersonTargetedId) and others.

The most important factor is: the User ID attribute must match whatever you are planning to send us in your data file as the student/instructor/admin ID.

For InCommon customers, we generate the metadata and then a day later you will automatically receive it with your InCommon metadata download.

CollegeNET's SP's entityID: https://corp.collegenet.com/shibboleth-sp/

If you are not an InCommon Member:

We will need to know the URLs of your IdP metadata and its signing public certificate.

Your IdP? will need to pass us a unique user ID attribute. Please provide the name of this attribute. We will then generate the SP metadata for you to add to your IdP.

The most important factor is: the User ID attribute must match whatever you are planning to send us in your data file as the student/instructor/admin ID.

AttributeValue
CollegeNET's SP metadatahttps://corp.collegenet.com/shibboleth-sp/metadata.saml
Assertion Consumer Service (ACS)This is your ACS URL
Entity IDhttps://corp.collegenet.com/shibboleth-sp/

Useful Terms

TermComment
IdPIdentity Provider (in this case, your school portal)
SPService Provider (in this case, CollegeNET’s Eval25 system)
ACSAssertion Consumer Service, the URL of the course evaluation system for your institution. Users attempting to visit this URL will be redirected to the login page for your IDP.

* The InCommon® name and all InCommon logos are registered trademarks of InCommon, an LLC operated by Internet2®