How to integrate SSO with a university? [closed]

I have a Django website and I'd like to allow students from a few universities to log in to it using their university credentials.

I understand that I need to register with each of these universities first but what is that process like and what do I need to prepare on my end?



Solution 1:[1]

You have tagged SAML in your question, so I will explain based on that. If you set up an integration with the universities using SAML, you will need to have software at your end to act as a SAML Service Provider (SP), and the universities will act as SAML Identity Providers (IdP).

Typical scenario:

  1. A student enters your site.
  2. The user chooses the university where they have an account.
  3. The user is redirected to the university login site with a SAML authentication request.
  4. The user signs in to the university login and is redirected back to your page with a SAML response containing a SAML assertion.

The SAML assertion is the proof of authentication, and you then validate this and let the user into your site. The assertion also typically contains information about the user that you can use in your application.

To set up this authentication, you will need SAML SP software. A quick Google search suggests this might be something. You then need to contact the universities and give them a metadata XML file from your software that tells them about your service. You also get a metadata XML from them that you import in your software to say that you trust them to authenticate users.

All this is of course dependent on whether the universities want to allow you to use them to authenticate users.

Solution 2:[2]

You can ask your NREN. https://en.wikipedia.org/wiki/National_research_and_education_network

Usually an NREN will run a national federation which provides SSO for the research and education organizations such as the universities. From your side, you have to implement/install a working Service Provider; the easiest one IMO is the Shibboleth Service Provider. Then you ask your NREN to join the federation as an SP with your metadata (for Shibboleth you can view your metadata at fqdn/Shibboleth.sso/Metadata). If you join the federation and your SP's metadata are published, then the only thing that needs to be done by universities is to release the requested attributes to your service with an attribute-filter.
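Both answers hinge on importing IdP metadata that you then trust. The following is an added example, not part of either answer or of any SAML library: a standard-library Python sketch that reads a single university's metadata file or a federation aggregate, keeps only IdP entities, and returns each signing certificate's SHA-256 fingerprint for comparison against the value the university or federation publishes. The names `load_idps` and `SAMPLE_METADATA` and the example hosts are assumptions; verifying the XML signatures on metadata and assertions is still left to your SP software.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed, trimmed sample (placeholder cert bytes): an aggregate with one IdP, one SP.
SAMPLE_METADATA = f"""<md:EntitiesDescriptor xmlns:md="{MD}" xmlns:ds="{NS['ds']}">
  <md:EntityDescriptor entityID="https://idp.university.example/idp">
    <md:IDPSSODescriptor>
      <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>Y29uc3RydWN0ZWQg
          cGxhY2Vob2xkZXI=</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
      <md:SingleSignOnService Binding="{REDIRECT}"
          Location="https://idp.university.example/sso"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.other.example/sp">
    <md:SPSSODescriptor/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def load_idps(metadata_xml):
    """Map each IdP entityID to its redirect SSO URL and signing-cert SHA-256s."""
    # SAML metadata never needs a DTD; refusing one blocks entity-expansion input.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD not allowed in SAML metadata")
    root = ET.fromstring(metadata_xml)
    # Accept a single EntityDescriptor or an EntitiesDescriptor aggregate.
    single = root.tag == "{%s}EntityDescriptor" % MD
    idps = {}
    for ent in ([root] if single else root.iter("{%s}EntityDescriptor" % MD)):
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SP or other role: never trusted to authenticate users
        prints = []
        for kd in idp.findall("md:KeyDescriptor", NS):
            if kd.get("use", "signing") != "signing":
                continue  # encryption-only key; a missing "use" covers both
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(cert.text.split()))
                prints.append(hashlib.sha256(der).hexdigest())
        sso = next((s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)
                    if s.get("Binding") == REDIRECT), None)
        idps[ent.get("entityID")] = {"sso_redirect": sso, "cert_sha256": prints}
    return idps
```

Calling `load_idps(SAMPLE_METADATA)` returns one entry, for the IdP only; the SP listed in the same aggregate is dropped.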

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

| Solution | Source |
| --- | --- |
| Solution 1 | Stefan Rasmusson |
| Solution 2 | Halil Adem |