New Primo Authentication


1 New Primo Authentication
Transitioning from PDS to SAML
Paul McBride | Senior Primo Support Analyst
Wei Dai | Technical Infrastructure Analyst

2 Welcome and Introductions
Paul McBride: Tier2 Primo Senior Support Analyst; joined Ex Libris in 2010; SME on Primo APIs; 10 years corporate IT application development & support
Wei Dai: Infrastructure Support Specialist; joined Ex Libris in 2005; previously did application development for academic libraries

3 Objectives and Target Audience
Session Objective(s)
Supported Authentication methods; Cascading login; Parallel login
New Primo Authentication: able to:
Plan for moving to the Primo Authentication Manager
Understand the advantages and limits of this new option
Configure and enable a Profile
Intended Target Audience
New or Experienced Customers
Systems or Technical Librarians
Developers
Familiarity with current authentication setup

4 Agenda
1 Primo Authentication Manager
2 How It Works
3 Configuration
4 Customization & Sandbox
5 Next Steps and Support Resources

5 Primo Authentication Manager

6 Primo Authentication Manager – Supported methods
Single Sign-On: SAML, CAS
Direct Login: LDAP, Aleph
Future: ExLibris Cloud Identity Provider
OAuth2: Facebook, Google, Twitter
Password-less sign in
* Cannot be used with Aleph or Voyager
PAUL: ADFS is aka Active Directory. This is only for Patrons, not Primo Staff users.

7 Primo Authentication Manager - Features
Parallel Login: Any login type (up to 5)
Cascading Login: Multiple Direct Login instances
Attribute Mapping: Similar to PDS
Back Office interface: No need for server access
Simplified Configuration: Streamlined configuration for each authentication method
Customer Configuration: Entirely configured and maintained by customers
PAUL: ADFS is aka Active Directory. This is only for Patrons, not Primo Staff users.

8 Patron ID in Primo
Patron ID:
E-Shelf
Saved Search
Saved Search Alerts
Tags & Reviews
Search Preferences (e.g. results per page)
Personalized Results
A good indicator you may run into this problem is if you have to add an identifier to the Alma record. Switching may result in the ID changing and missing info from eshelf etc.

9 How It Works

10 Authentication & Authorization Flow
[Flow diagram] Labels: Authority; Patron Information Source; Login request; Identity Confirmed; Return ID code; User ID confirmed; Return user information; Login Success; Session created; Request user info (GUEST); Process received information
This flow is independent, regardless of the chosen authentication method

11 OAuth2 – Authentication Flow
[Flow diagram] Labels: Send invitation; Choose OAuth system and send request; User consents (Facebook, Google, Twitter); Login request; Token received; Adding social ID to user identifiers; Request userID; Create and deliver access – token & Social ID; Session created; Request user info (GUEST); Identity Confirmed; Return ID code; Token Verified; Send confirmation
Primo accesses Social Login via Alma – Explain difference between self-registration enabled/disabled. Second time login starts from the Request ID based on User token.

12 Request & Loans API
[Flow diagram] Labels: Start Verification process; Find user by session ID; Load Alma iFrame; Request URL + Session ID; Session ID; User Identity; Request/Loan Displayed; User verified and authorized; Request / Loan information
1. PDShandle is using a token instead of UID for security reasons, HTTP request secure.

13 Configuration

14 Configuration
1 Configuring a Profile
2 Cascading Login
3 Parallel Login
4 Attribute & Value Mapping
5 Alma Configuration

15 Configuration – Ongoing Configuration Wizards > User Authentication Wizard
Discuss how to activate and de-activate a profile (JUST USE THE DROPDOWNS)

16 SAML Configuration
Notice: Cert File from IdP is uploaded here

17 CAS Configuration
Very streamlined/simplified compared to PDS/CAS

18 LDAP Configuration
Cert for LDAP exists on Customer’s side – not Primo’s
Certificate must be signed by a certificate authority recognized by Primo

19 Cascading Login Profile – Creating

20 Cascading Login Profile – Profile Selection

21 Cascading Login Profile

22 Attribute & Value Mapping Example
User information source parameters
Defaults used for Aleph
Available after you save a profile
Defaults are filled in for you, appropriate for the source system

23 Attributes List
Attribute: Description
email_address: The user’s address. Primo will use this address if the user does not have an address defined in Primo. If the  _OVERRIDE authentication parameter has been enabled, the value of this attribute will override the address defined for the user in Primo. For Alma the default mapping is  _address.
group: The user group. For Alma the default mapping is group.
id: The user ID. For Alma the default mapping is id.
ils_api_id: The ID used for OPAC via Primo in case it is not the same as the regular ID. For Alma there is no default mapping because this attribute is not required for Alma.
institute: The Primo institution. This attribute can be used if there is a need to override the institution that the user signed in with (that is, the institution of the view). For Alma there is no default mapping because the Primo institution defaults to the institution of the active view. If you want to override the institution of the view, you can specify an Alma attribute.
name: The name that displays for the user in the Primo Front End. For Alma the default mapping is userName.

24 Alma Configuration – Primo PDS URL
Update the primo_pds_url
Found under Alma > General Configuration > Configuration Menu > General Configuration > Other Settings
Set it to a URL formatted like:
PAUL: You should set HTTP or HTTPS to match the setting in Primo for OvP

25 Alma Configuration – Patron Identifier
Check patron record for identifier value and make sure they have the “Patron” permissions
The secondary identifiers are case sensitive

26 Customization & Sandbox

27 Parallel Login Code Tables -> User Login
This selection page has been customized to reflect the Main and Secondary Profiles that were configured in the User Authentication Wizard. Beyond the verbiage updates, any other customizations to colors, logos, background, etc. can be completed by the customer: they can use the Uploader Tool in the Primo Back Office to load the login page CSS files to the same directory where the FE CSS customizations have been uploaded. Once the files are uploaded, the customer can map the CSS directory in the Static HTML section of the View Configurations for their Institution.

28 Direct Login

29 Sandbox Testing
In Alma:
Update primo_test_pds_url to your Primo Sandbox
Add the Primo Sandbox FE IP addresses to PDS IPs table
In Primo:
Append &env_type=test to the Template Code field of:
almasingle_services
Almaviewit_remote
Almagetit_remote
Almagetit
Almasingle_service_remote
almaviewit_services
almagetit_services
Almasingle_service
Almaviewit

30 Next Steps and Support Resources
Customer Knowledge Center:
Primo User Authentication Attribute Mapping
Primo Authentication configured and working but Alma GetIt still wants me to sign in
Changing to vanity URL: Working with custom domain names on hosted ExLibris environments
Additional support resources within the ExLibris Ecosystem:
Idea Exchange
System Status Pages: Single Tenant ENV / Multi-Tenant ENV
Developer Network
Technical Seminar Presentations (located in the Cross-Product section of the CKC)
PAUL: Mention what it is the audience should do after the tech seminar is over – how they retain what they learned. Mention links to relevant documentation articles associated with your topic. Refer to Idea Exchange to provide development ideas for features they think are important to add. Systems Status page. Dev Network. They can find this session – all of the Tech Seminar presentations – in the CKC (link to the article).

31 Q & A Any Questions? Any last questions?

32 Session Feedback We Value Your Feedback! Please complete the brief Session Comment Card:

33 THANK YOU

