About
Staff need to be able to login to Alma and end-users need to be able to login to Primo to perform tasks. Adopting a systemwide approach allows us to streamline the process for setting-up authentication. It also allows us to coordinate this work with the related task of automating the loading of patron data from PeopleSoft to Alma.
Information needed from each campus
Ex Libris would like two things from each campus:
- The ‘release attribute’ (read: field in the user data) that will serve as the ‘match point’ between Shibboleth and Primo/Alma.
- A set of test credentials so they can assist with testing.
You can send the test credentials to David.
Release Attribute
We recommend surveying the options below and consulting with your campus identity management contact before making a decision. If you are unsure who that is at your campus, check the contacts at the bottom of this page.
Info |
---|
Users will always login to Shibboleth with their campus username and password regardless of which release attribute you choose. The release attribute is simply the identifier Shibboleth will send to Primo behind the scenes to match the user record in Alma. |
1. PeopleSoft ID
With this option, only users with an existing entry in PeopleSoft can login to Primo via Shibboleth.
Any library user who does not have an existing entry in PeopleSoft (e.g., community borrowers, potentially some auxiliary users) will need to be added to Alma as an 'internal' user, and will login to Primo using the 'internal' login instead of via Shibboleth.
If you want to proceed with this option, your campus Shibboleth administrator can follow the directions here and you can begin testing immediately.
2. Campus username
With this option, any user with a campus username can login to Primo via Shibboleth.
Any other library user who does not have a campus username (e.g., community borrowers) will need to be added to Alma as an 'internal' user, and will login to Primo using the 'internal' login instead of via Shibboleth.
This option potentially covers a slightly larger pool of users than the option above, but will require extra work, and so comes with two significant caveats. Read these carefully.
- This option could be useful if your campus has a fairly sizeable number of affiliated people outside of PeopleSoft who are loaded into both Alma and Shibboleth. If these users are not loaded into both systems, you gain nothing by choosing this option.
- To ensure that this option works, every user in Alma must have a campus username. And therefore the automated patron data load will also need to include a username for each user. The centrally-developed patron data load process is getting its data from PeopleSoft. So, if you want to use this authentication option and also rely on the centrally-developed patron load process, you will need to ensure that your campus stores usernames in PeopleSoft. If they do not, you’ll need to work with your campus on a local patron data load process.
Users who are not in PeopleSoft but have a campus username can be added to Alma either manually or through a separate automated process. Either way, they can still login to Primo via Shibboleth.
If you want to proceed with this option, please let us know which Shibboleth attribute will be the match point (your Shibboleth administrator should know this). We’ll need to inform Ex Libris of this decision so they can make a change on their end. And then your Shibboleth administrator can follow the directions here and you can begin testing.
Major Milestones
Status | ||||
---|---|---|---|---|
|
Status | ||||
---|---|---|---|---|
|
Status | ||||
---|---|---|---|---|
|
Documentation
- Guide for CSU Identity Providers
- Presentation to CSU Identity management staff
- Authentication Using SAML from Ex Libris
Meeting Notes:
Documentation
This documentation is for your Shibboleth administrator. They will need to modify the Shibboleth configuration to work with Alma. Alma should already be configured to support Shibboleth.
Project Team
Role | Name | |
---|---|---|
Project lead | ||
Chancellor's Office Contacts | Marcus Mizushima (Shibboleth) Michael Trullinger (Dir. Tech Infr.) Carol Kiliany (Project Manager) | |
Ex Libris Contacts | Informed / Other Stakeholders | brandon dudley (Unlicensed), Lauren Magnuson (Unlicensed)Wei Dai |
Campus Contacts
Contact | Campus | Title | Phone | |
Trullinger, Michael | CO-ITS | Associate Director, Identity and Access Management | mtrullinger@calstate.edu | 562-951-4295 |
Mizushima, Marcus | CO-ITS | Lead Identity Management Analyst | mmizushima@calstate.edu | 562-951-4532 |
Kilingenstein, Nate | CO-ITS | Identity Mangment Analyst | nklingensein@calstate.edu | 562-951-4286 |
Kiliany, Carol | CO-ITS | Project Manager | ckiliany@calstate.edu | 562-951-4214 |
Fleming, Michael | Bakersfield | Network Analyst | mfleming@csub.edu | 661-654-2118 |
Aquino, Herb | Channel Islands | Manager, IT Infrastructure | herb.aquino@csuci.edu | 805-437-8550 |
Miller, Andy | Chico | Senior Director, Enterprise Applications | lamiller@chico.edu | 530-898-3169 |
Chang, Bill | Dominguez Hills | Director, Enterprise Applications | bchang@csudh.edu | 310-243-3702 |
Lim, Gene | East Bay | Dir, Sys & Infrastructure Eng | gene.lim@csueastbay.edu | 510-885-7283 |
Mize, Mike | Fresno | Operating Systems Team Lead | mikem@csufresno.edu | 559-278-3923 |
Luzzi, Joe | Fullerton | IT-Enterprise Resource Planning | jluzzi@exchange.fullerton.edu | 657-278-3251 |
Callahan, Josh | Humboldt | Information Security Officer | josh.callahan@humboldt.edu | 707-826-3815 |
Santana, Jesse | Long Beach | Dir, Servers, Systems&Web Svcs | Jesse.Santana@csulb.edu | 562-985-4750 |
Lee, Michael | Los Angeles | Associate Director, CMS and Enterprise Systems | mlee40@cslanet.calstatela.edu | 323-343-2651 |
Sosa, Paul | Maritime Academy | Operating Sys Analyst | psosa@csum.edu | 707-654-1728 |
Mann, Steven | Monterey Bay | Associate Director of Network Services | steven.mann@csumb.edu | 831-582-4533 |
Jeff Arlt | Moss Landing | Network Administrator | jarlt@mlml.calstate.edu | 831-771-4425 |
Krezwinski, Kevin | Northridge | Director, Applications Development | kevin.krezwinski@csun.edu | 818-677-5911 |
Arboleda, Al | Pomona | Chief Technology Officer | aarboleda@cpp.edu | 909-979-6449 |
Pike, Brennan | Sacramento | Identity Management Lead | pikejb@csus.edu | 916-278-7635 |
Torner, Javier | San Bernardino | Information Security Officer | jtorner@csusb.edu | 909-537-7720 |
Jeffers, Marcus | San Diego | Lead Identity Management Analyst | mjeffers@mail.sdsu.edu | 619-594-5432 |
Nagore, Basha | San Francisco | Identity Management Analyst | nagore@sfsu.edu | 415-405-4346 |
Cook, Mike | San Jose | Dir. Identity, Sec. & Ent Comp | mike.cook@sjsu.edu | 408-924-1705 |
Malone, Dan | San Luis Obispo | Identity Architect | dmalone@calpoly.edu | 805-756-6326 |
Margo Lopez | San Marcos | Director, Systems Integration and Identity Management | margo@csusm.edu | 760-750-4786 |
Brian Biggs | Sonoma | Analyst/Programmer | brian.biggs@sonoma.edu | 707-664-2047 |
Cardoza, Corey | Stanislaus | Analyst/Programmer | ccardoza@csustan.edu | 209-667-3731 |