Objective | Set-up authentication between the Digital Archives and local campus Shibboleth (or other SAML-based) identity providers (IdP). |
Due date | 30 Jun 2023 |
Key outcomes | Campus identity management groups will configure their local IdP to authenticate with the Digital Archives. |
Status |
Problem Statement
Campus users will need to authenticate in order to upload new submissions or access restricted / embargoed materials in the Digital Archives.
Scope
Must have:
SP metadata published to InCommon.
All campuses – whether they have immediate plans to use Digital Archive or not – configured with release attributes similar to those of ScholarWorks
Not in scope:
Non-SAML based systems such as CAS or LDAP
Milestones and deadlines
Milestone | Owner | Deadline | Status |
|---|---|---|---|
SSL certificate |
| ||
Set-up Digital Archives Shibboleth SP |
| ||
Update Shibboleth SP to latest 3.x config syntax | David Walker |
| |
Register Digital Archives with InCommon | Marcus Mizushima |
| |
Initial testing with Chancellor’s Office IdP | David Walker |
| |
Provide documentation for configuring local IdP with release policy |
| ||
Distribute information to campus IdM groups | Marcus Mizushima |
| |
Library contacts to follow up with campus IdM groups | Project Managers |
| |
Manual exchange of metadata with Okta & Azure campuses |
| ||
All campuses authenticating properly |
|
Reference materials
Shibboleth Identity Provider Configuration
CSUConnect Service Provider Registration Document