SAML SSO client configuration

Our SAML client offers various services that simplify the transfer between systems by making authentication and logout completely transparent for the patron.

First, log in as a manager. In the administration interface, click on the "Organization" tab and scroll down to the "Security" section. You will find under SAML the "Settings" and "Services" sections.

Settings

To use these services, two settings are required: certificate fingerprint and query compression.

1. Certificate fingerprint

In this field, enter the fingerprint of the certificate that will be used to sign SAML queries. (Example of format: 3C:6B:DE:6C:A0:A1:AE:6A:E9:D5:BF:B3:67:AB:12:4E:1B:98:8B:FB)
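To obtain a value in that format from a PEM certificate file, and to check it against what was entered in the field, the following can be used. It is an added example, not code from www.pretnumerique.ca. It assumes the fingerprint is the SHA-1 digest of the DER-encoded certificate (inferred from the 20-byte example above); the function names and the sample input are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: a PEM wrapper around the bytes b"abc", NOT a real
# certificate; it only gives the functions a known input.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
FP_RE = re.compile(r"^[0-9A-F]{2}(:[0-9A-F]{2}){19}$")


def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    match = PEM_RE.search(pem)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(der: bytes) -> str:
    """Colon-separated uppercase hex digest (assumption: SHA-1 over the DER)."""
    digest = hashlib.sha1(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(value: str) -> str:
    """Accept lowercase, spaces or missing colons; return the canonical form."""
    hexchars = re.sub(r"[\s:]", "", value).upper()
    canonical = ":".join(hexchars[i:i + 2] for i in range(0, len(hexchars), 2))
    if not FP_RE.match(canonical):
        raise ValueError("not a 20-byte hex fingerprint")
    return canonical


def matches(pem: str, configured: str) -> bool:
    """True if the certificate's fingerprint equals the configured value."""
    return hmac.compare_digest(fingerprint(pem_to_der(pem)), normalize(configured))


if __name__ == "__main__":
    print(fingerprint(pem_to_der(SAMPLE_PEM)))
```

Run it against the certificate your identity provider actually signs with; a mismatch after a certificate renewal is the usual reason a previously working connection starts being rejected.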

2. Compressing query

This setting determines whether SAML queries are compressed. Usually, queries should always be compressed. However, sending uncompressed queries can be useful in certain specific situations. Choose this option with care.

Services

3. Consuming URL (site authentication and access)

This service allows a patron to connect and authenticate to www.pretnumerique.ca. You must use this service to authenticate a patron and allow access to www.pretnumerique.ca. A typical scenario would be a patron trying to access www.pretnumerique.ca via the library's Web portal.

POST https://www.pretnumerique.ca/sso/saml/consume

Settings

Name | Required | Description
saml_response | Yes | SAML signed query for the connection. The value of the NameID field must be the patron's number.
isbn | No | ID of the resource to which you want to redirect the patron. If no parameter is provided, the patron will be redirected to the list of resources.

4. Logout URL

URL that the identity provider may use to force a patron to log out of www.pretnumerique.ca.

POST https://www.pretnumerique.ca/sso/saml/signout

Advanced features

Advanced features allow www.pretnumerique.ca to call or use your identity provider's services.

5. Identity provider's authentication URL

Allows redirection to your identity provider's authentication page when needed.

6. Identity provider's logout URL

URL that www.pretnumerique.ca must use to notify the identity provider of a logout.