SSO Properties

In a single sign-on (SSO) environment, subscribers log in only once to an identity provider (IDP), and do not need to log in again when accessing iServices Subscriber pages. The SSO Properties option allows sites to map the SAML, OpenID or Syncronex attributes requested from or returned by an IDP to attribute values expected by iServices Subscriber. See the iServices Subscriber manual for more information.

To access this option, select Miscellaneous | SSO Properties.

The SSO Request properties initially display. These are properties sent to the IDP by iServices. The Usage attribute specifies the source of the SSO request (e.g. was it triggered from Login, registration, or new subscription process). It is sent to the IDP to help determine whether the user is logged in. Users not logged in must log in or register with the IDP.

The other request properties are mainly used to send the IDP name and address information in the case where a user enters a new start before registering; this allows the IDP to prefill the information on the Registration page, so that the user does not need to re-enter it.

Set the Properties field to SSO Response to define the values that should be mapped to responses sent to iServices Subscriber by the IDP when a user logs in.

To map a corresponding value in iServices Subscriber, enter that value in the Value column. For example, you may want to use the subscription ID in Circulation as the subscriber’s “AccountNumber” for identification within the single signon environment. If so, you would enter “SubscriptionID” in the Value column. Press the Esc key to leave field entry mode. You can then select a different Properties area, or click Exit exit from SSO Properties.