Recommended Configuration to Account for Sandbox Refresh

Ex Libris refreshes premium sandboxes by copying all Alma production data, including authentication profiles, to the sandbox. If the sandbox requires a different authentication profile than the one on the production server, the refresh has the potential to break authentication to the sandbox.

This guide presents one-time configuration steps for authentication profiles that all institutions should perform on their production server to avoid having to perform small configuration tasks on your sandbox after every refresh. If you perform these one-time steps, authentication on your sandbox will continue to work seamlessly after every refresh without any additional configuration, or with minimal configuration.

If you require further assistance, contact Ex Libris customer support.

For more information, see Supporting LDAP.

Ex Libris recommends that you use the same LDAP profile for both the production server and the sandbox. In this case, no additional configuration of LDAP is required on the sandbox after a refresh. 

For more information, see SAML Based Single Sign-On/Sign-Off and CAS Based Single Sign-On/Sign-Off.

If the production server and the sandbox use the same SAML identity provider or CAS service, Ex Libris recommends that you use the same authentication profile in both environments. In this case, no additional configuration of SAML or CAS is required on the sandbox after a refresh.

Note that you must create a separate SAML relying party trust for the sandbox on the SAML identity provider side and/or you must authorize the sandbox to use the CAS service.

If the production server and the sandbox use different SAML identity providers or CAS services, copy the sandbox authentication profile to the production server as a non-default profile.

After a refresh, you can log in to the sandbox using SAML or CAS with one of the following URLs:

• SAML: https://<Alma sandbox domain>/institution/{INST_CODE}/SAML/idpCode/{sandbox SAML integration profile code}
• CAS: https://<Alma domain>/institution/{INST_CODE}/CAS/idpCode/{sandbox CAS integration profile code}

For more information, see Social and Email Login.

Ex Libris recommends that you use the same social authentication profile on both the sandbox and the production server. In this case, no additional configuration of social login is required on the sandbox after a refresh. 

If the Primo sandbox is configured to work with the Alma production server, no additional configuration of the Primo sandbox is required on the sandbox after a refresh.

If the Primo sandbox is configured to work with the Alma sandbox:

1. On both Alma production and premium sandbox servers, update the value of primo_test_pds_url (see Configuring Other Settings) to:
   For a PDS Profile: https://<pds_server>/pds?
   For a non-PDS Profile: https://<Primo Sandbox Base>/primo_library/libweb/webservices/rest/PDSUserInfo?
2. Follow the instructions for the Templates mapping table in Primo (see Delivery Subsystem) to configure env_type.

If you are using different PC keys for your premium sandbox and production environments, after a premium sandbox refresh, you must add your sandbox PC key.