Partner Authentication with EdCast

Quick Start:

Welcome to the EdCast Partner Integration System. This document will explain how our partners can integrate with EdCast as an Identity Provider.

If you are familiar with setting up SAML SSO click here to fill out our onboarding form.


Background:

EdCast is Software as a Service providing a consolidation point for learners to engage with a variety of best in class learning & training content.

Each of our content providers need to be set up to leverage EdCast as an IDP so that we can provide the learners a seamless authentication experience from platform to provider.


How it Works:

EdCast will act as the Identity Provider and provide SAML metadata and a certificate to the Partner.

The Partner will set themselves up as the SAML consumer and provide EdCast a callback URL or Consumer Service URL.

Both parties will configure this URL on their respective endpoints.

Once the Partner receives the SAML metadata from EdCast they will configure it on their end.


Workflow Diagram:

This is a short representation of how this integration works.

Conventions are:

  • EdCast is the Identity Provider

  • Partner is the Service Provider


SAML Attributes

SAML attributes hold the necessary information required to connect with EdCast as the IDP.

The attributes are as follows:

Attribute Description
Certificate Holds SAML certificate that will help to validate the assertions
NameIDFormat An attribute that will provide unique identifier of a user in EdCast
SingleSignOnService An attribute that returns EdCast's IDP Login page
Issuer A unique identifier that must remain on both of the systems

These attributes will be provided as a metadata by EdCast.

Here is the attached sample SAML metadata.


SAML Response

Once a user is authenticated in EdCast the Partner platform will receive data in the form of an encoded SAML response.

This response will contain the information for the user who authenticated to our system.

The metadata which is configured will also be used to authorise the incoming SAML response.

Once a response is authorised, the SAML response will be decoded accordingly and user information can be accessed at the Partner's end.


What information does SAML response holds?

A SAML response holds the following information:

  • Certificate is set on both of the platforms. This verifyies that the response received from Identity provider is the expected one.
  • Issuer is the attribute that helps to verify that audience matches what is configured on the Identity Provider's end.
  • Consumer Service URL validates that the Identity Provider is valid and intended Partner's Callback URL.

NOTE: Expectation is a partner must validate these attributes.

SAML response also holds the following user information:

  • Email as an unique identifier in EdCast.
  • First and Last Name configured by a user in EdCast.

NOTE: These attributes are minimal and can be extended with more custom fields if needed.

Here is a sample SAML response.

© 2019 EdCast Inc.