User Authentication with SAML
SAML enables Rosetta to exchange authentication and authorization information, allowing a user to sign in or out of an external system and be automatically signed in or out of Rosetta, or vice versa. Rosetta supports the SAML 2.0 Web Browser SSO profile.
When consortium members log in with SAML, a list of the institutions for which they have permissions is displayed, and they select the institution to log in to.
For more information about SAML-based SSO for Rosetta, see http://developers.exlibrisgroup.com/rosetta/integrations/saml
To configure the SAML authentication profile:
- From the Rosetta Administration module, click Users > Authentication Profiles > Add Authentication Profile. The Authentication Profile Details page is displayed.
- Enter a name and description for the profile.
- You can populate the profile information from metadata. To use a metadata link, select HTTP and provide the location of the link in the URL field. To use a metadata upload, select File and select the file. For more information about this file, see https://developers.exlibrisgroup.com...egrations/saml.
- Click Populate Profile to populate the profile information.
- If you do not populate the profile from metadata, enter the settings for the IdP issuer, IdP Login URL, IDP Logout URL, and User ID Location.
- For User Group Location, select Attribute and, for Attribute Name, enter the name of the attribute in the SAML XML file that contains the user group list.
- In Certificate upload method, select the type of certificate to upload. Alma accepts certificate file uploads and free-text certificate entry. If you select Free Text, enter the text of the certificate. If you select File, select the file.
- Select ADFS if the IdP enables Active Directory Federation Services.
- Select the Rosetta certificate version that you want to use, and click Generate Metadata File to generate the Rosetta metadata file that you are required to provide to the IdP.
- Click Save.
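
Before populating the profile from metadata or entering the IdP values by hand, it is worth reading the metadata file yourself. The following added example (not Ex Libris or Rosetta code) uses Python's standard library to extract the IdP issuer, login URL, logout URL and signing-certificate fingerprint from IdP metadata and to flag missing or non-HTTPS values. The function name, the sample metadata and the idp.example.org hosts are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata; the certificate body is placeholder bytes, not a real X.509 cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/saml">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Y29uc3RydWN0ZWQtcGxhY2Vob2xkZXI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.org/slo"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def review_idp_metadata(xml_text):
    """Return (fields, warnings) for the values the authentication profile asks for."""
    # Refuse DTDs and entity declarations: metadata fetched over HTTP is untrusted input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata must not contain a DTD or entity declarations")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    def location(tag):
        el = idp.find(f"md:{tag}", NS)  # first endpoint listed for this service
        return el.get("Location") if el is not None else None
    certs = [c.text for c in idp.findall(
        "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    fields = {
        "idp_issuer": root.get("entityID"),
        "idp_login_url": location("SingleSignOnService"),
        "idp_logout_url": location("SingleLogoutService"),
        # SHA-256 over the decoded certificate bytes, to compare with the IdP admin's value
        "cert_sha256": [hashlib.sha256(base64.b64decode("".join(c.split()))).hexdigest()
                        for c in certs if c],
    }
    warnings = [f"{k} is missing" for k, v in fields.items() if not v]
    for k in ("idp_login_url", "idp_logout_url"):
        if fields[k] and urlparse(fields[k]).scheme != "https":
            warnings.append(f"{k} is not HTTPS: {fields[k]}")
    return fields, warnings
```

Compare the reported fingerprint with one obtained from the IdP administrator over a separate channel before saving the profile.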