You are the administrator of a locally installed Streaming Server

As an administrator with full access to the streaming server, and with contacts among the IT staff in your organization who manage the SAML 2.0 Identity Provider service, you will complete the setup process yourself.

Step 1: Enable SSO

  • Contact your Swank account manager. Tell them you are interested in setting up SAML SSO and ask that they enable Single Sign-on SAML for your site.
  • Once that has been enabled and you refresh your admin screen, you will see SAML Internal and SAML External navigation items in the left pane.

Step 2: Set up SAML Internal

  • In your Streaming Server Admin, browse to SAML Internal
  • Your Swank account manager will supply a certificate file and password. Under Certificates click Add and add the file and password that were provided by your account manager.
  • Look at the Miscellaneous section and locate the PartnerName/EntityID field. Make sure that it is https://digitalcampus.swankmp.net
  • Click Download Settings. This will create a SAML Service Provider Metadata XML file.
  • Contact your IT department. Get in touch with the people who manage your already-existing SAML 2.0 Identity Provider service.
  • Provide the SAML Service Provider Metadata XML file that you just generated to your IT department. They will use it to configure their Identity Provider to work with Streaming Server.
  • Ask them for your SAML Identity Provider Metadata XML file. You will need this in the next step.

Step 3: Set up SAML External

  • In your Streaming Server Admin, browse to SAML External
  • Toggle the SAML Sign-In button to the On position
  • Press Load Settings. Load the SAML Identity Provider Metadata XML file that you received from your IT department in step 2, above. Do not enter an EntityID.
  • We now need to map attributes from the SAML Assertion to their corresponding data elements in Streaming Server.
    • Ask your IT department if their Identity Provider is using InCommon eduPerson SAML Attributes. If not, ask them to provide a list of Protocol-Level Attribute Names for first name, last name, user name, and email.
    • If not using InCommon eduPerson SAML attributes, you need to map your organization's attributes to the InCommon eduPerson attributes.
      • Toggle the Advanced Settings button to the On position
      • Locate the Mapping section and press Add
      • On the Add SAML Mapping screen change the Rule to Rename
      • In the Name field add the InCommon eduPerson SAML Attribute name for the field that you are mapping (see Table 2, below)
      • In the Value field add the name that your organization supplies for that attribute
      • Press Save
      • Repeat this mapping as needed until you have first name, last name, username, and email mapped appropriately
    • Ask your IT department to provide a list of Protocol-Level Attribute Names and partial Attribute Values to map SAML Attributes to User Roles.
      • On the SAML External Single Sign On page, add a role mapping for each user role that you want to map to a role in the Streaming Server
      • Locate the Roles section and press Add
      • In the Name of SAML Attribute field enter the name of the attribute that your organization sends for the role that you are mapping
      • In the Value of SAML Attribute field enter a value for an exact or partial match to determine the role
      • In the Role field enter the Streaming Server role to which you are mapping this name/value combination
      • Press Save
      • Repeat this role mapping for each role that you are mapping to Streaming Server
  • Press Save
  • You can now test your setup using the Test Settings button.
  • For a more detailed discussion of this configuration, see section Detailed Configuration Information, below.
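
A pre-flight check for the two metadata files exchanged in steps 2 and 3, written as an added example that is not part of Swank's documentation or product: it confirms the EntityID from step 2 and flags Identity Provider metadata that lacks a signing certificate or publishes a non-HTTPS endpoint. The function name check_metadata and the idp.example.edu sample are assumptions made for illustration; the checks follow the SAML 2.0 metadata schema only.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EXPECTED_SP_ENTITY_ID = "https://digitalcampus.swankmp.net"  # value from Step 2

# Constructed sample (not a real IdP): plain-HTTP endpoint, no signing certificate.
SAMPLE_IDP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.edu/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://idp.example.edu/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_metadata(xml_text, role, expected_entity_id=None):
    """Return problems found in SAML 2.0 metadata text; role is "SP" or "IdP"."""
    if "<!DOCTYPE" in xml_text:
        return ["DOCTYPE present: refusing to parse (entity-expansion risk)"]
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    problems = []
    entity_id = root.get("entityID", "")
    if not entity_id:
        problems.append("entityID attribute is missing")
    elif expected_entity_id and entity_id != expected_entity_id:
        problems.append("entityID is %r, expected %r" % (entity_id, expected_entity_id))
    desc = root.find("md:SPSSODescriptor" if role == "SP" else "md:IDPSSODescriptor", NS)
    if desc is None:
        return problems + ["no %s SSO descriptor in the file" % role]
    # A KeyDescriptor with no 'use' attribute serves for signing and encryption.
    signing = [k for k in desc.findall("md:KeyDescriptor", NS)
               if k.get("use", "signing") == "signing"
               and (k.findtext(".//ds:X509Certificate", "", NS) or "").strip()]
    if role == "IdP" and not signing:
        problems.append("no signing certificate published")
    endpoint = "md:AssertionConsumerService" if role == "SP" else "md:SingleSignOnService"
    locations = [e.get("Location", "") for e in desc.findall(endpoint, NS)]
    if not locations:
        problems.append("no %s endpoint" % endpoint)
    problems += ["endpoint not HTTPS: %s" % loc for loc in locations
                 if not loc.lower().startswith("https://")]
    return problems


if __name__ == "__main__":
    for problem in check_metadata(SAMPLE_IDP, "IdP"):
        print("IdP metadata:", problem)
```

Run it against the file from Download Settings with role "SP" and EXPECTED_SP_ENTITY_ID before sending it to IT, and against the file IT returns with role "IdP" before pressing Load Settings.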