The following information is needed to set up Single Sign On via SAML 2. Credo initializes the request from our end.
Basic Overview:
- Service Provider Information: Credo Education provides SAML2-based Single Sign-On to an assessment management platform.
- How We Provision Accounts: Just in time provisioning (e.g. the account is created once the user clicks on a link in your system)
- How is it Initiated: IdP Intiated (your system send the initial request)
Information we need:
- IdP Slug (a short string like ‘yourcollege’)
- Entity ID (Example: https://idp.testshib.org/idp/shibboleth)
- Metadata URL, if different from Entity ID
- Preferred name of the authentication method (something like “Your College Students”) to show to the users.
You will need to release username, email and fullname to us.
Credo’s metadata URL, if needed, is:
https://[yourschool].credocourseware.com/auth/saml/metadata.xml
Our SAML library requires SubjectConfirmationData section in order to bypass a registration form for users. It should look something like this:
<saml:SubjectConfirmation Method=”urn:oasis:names:tc:SAML:2.0:cm:bearer”>
<saml:SubjectConfirmationData NotOnOrAfter=”2024-01-18T06:21:48Z” Recipient=”http://sp.example.com/demo1/index.php?acs” InResponseTo=”ONELOGIN_4fee3b046395c4e751011e97f8900b5273d56685″/
</saml:SubjectConfirmation>
Recipient param should be the same as Destination or contain Destination.
For Credo it is: https://credocourseware.com/auth/complete/tpa-saml/. The slash at the end of the URL is required.
This Recipient format is also acceptable: https://credocourseware.com/auth/complete/tpa-saml/bla-bla-ba/xyz/?a=1&b=2
In order to bypass our registration form for users, we need the following information in the XML AttributeStatement configuration:
- Username
- Full Name
Finally, we will either need test credentials to verify that login is working properly, or we will need to have you test the connection out.
— Back to Enrollment Options
