Console | My SPs Menu

You can access the configuration for a Service Provider by either clicking on the name of the Service Provider on the dashboard, or by selecting the name of the Service Provider from the My SPs menu at the top of the page. 


This guide is designed to make setting up your service provider/application in the Cirrus Console as smooth as possible.

Service Provider Metadata

Cirrus Products require minimal configuration when used with Service Providers from InCommon or one of the other eduGAIN federations. In the United States, InCommon is the Higher Education federation, and the metadata for service providers is managed with the Federation Manager App. If you are a member institution of InCommon (you can view the list on their Current InCommon Participants page), make sure your Service Provider is registered.

Cirrus Products work equally well with Service Providers that are not registered with a federation; there are just some additional steps to set up the metadata. Contact support@cirrusidentity.com and we can provide you with guidance.

Set SAML DiscoveryResponse In Metadata

One of the pieces of information that can be supplied about your SP to the InCommon Federation Manager is the "Discovery Response Endpoint". This information is usually generated by your SP software, but because it is not mandatory in the Federation Manager App, it is sometimes not entered. This SAMLDiscoveryResponse endpoint must be entered into the form for your SP. If you have questions about what this endpoint value is, contact your campus/institution Identity Management group, and they should be able to help you determine it. If not, contact support@cirrusidentity.com, and we can provide you with guidance.
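A way to check that SP metadata actually carries a usable Discovery Response endpoint before registering it, as an added example (not Cirrus or InCommon code). The metadata, host name and the return-URL comparison rule are constructed for illustration; the element and binding URN come from the SAML IdP Discovery profile.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
IDPDISC = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"

# Constructed sample metadata; sp.example.edu is a placeholder host.
# Real federation metadata should have its signature verified before it is trusted.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:idpdisc="{IDPDISC}"
    entityID="https://sp.example.edu/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse index="1" Binding="{IDPDISC}"
          Location="https://sp.example.edu/Shibboleth.sso/Login"/>
      <idpdisc:DiscoveryResponse index="2" Binding="{IDPDISC}"
          Location="http://sp.example.edu/Shibboleth.sso/Login"/>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def discovery_endpoints(metadata_xml):
    """Return (location, problems) for each DiscoveryResponse in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = f"{{{MD}}}SPSSODescriptor/{{{MD}}}Extensions/{{{IDPDISC}}}DiscoveryResponse"
    results = []
    for el in root.findall(path):
        location = el.get("Location", "")
        problems = []
        if el.get("Binding") != IDPDISC:
            problems.append("Binding is not the discovery protocol URN")
        if urlsplit(location).scheme != "https":
            problems.append("Location is not https")
        results.append((location, problems))
    return results


def return_url_registered(metadata_xml, return_url):
    """True only if return_url (query string ignored) is a clean registered endpoint."""
    target = urlsplit(return_url)._replace(query="", fragment="").geturl()
    return any(loc == target and not problems
               for loc, problems in discovery_endpoints(metadata_xml))


if __name__ == "__main__":
    for loc, problems in discovery_endpoints(SAMPLE_METADATA):
        print(loc, "OK" if not problems else "; ".join(problems))
```

An empty result from `discovery_endpoints` means the metadata has no Discovery Response endpoint at all, which is the case this section asks you to correct.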

Application Response Location

A SAML service provider needs to know where to send a user after he or she has authenticated and the service provider has handled the authentication request for the user. This location is the “application response location”, and it is a URL on your application which usually handles logging a user into the application itself.

Social Provider Configuration

In order to allow your application/service provider to use social login with the Cirrus Gateway, you need to establish an OAuth key and secret with each of the providers you wish to use. This setup establishes a trust relationship between your SP, the Cirrus Gateway, the Social Provider, and ultimately the end-user. To establish this trust, you provide details about your application like name, a logo, and maybe a privacy policy. The Cirrus Gateway will provide technical information in the form of an authorized redirect URL. Finally, the Social Provider will provide an API key and secret to securely bind the authentication flow together. You will want to review the Cirrus Gateway getting started as well as the Initial Social Provider API Integrations section.

The basic attributes for each service provider are configured at the top of the Gateway Service page. Help for each attribute is also provided on the page. 


The Social Providers available for the Service Provider to authenticate are selected at the bottom of the Gateway Service page. Providers selected will be available for configuration, and later presentation in the Discovery Service.


The Social Providers that can be configured for each Service Provider are listed to the left. When initially enabled, the Cirrus Identity Console will indicate that providers need to be configured. The mapping of the attributes for each Social Provider may also be accessed at the bottom of the list.


Configuring Discovery

The Cirrus Discovery Service allows you to include both traditional Identity Providers (IdPs) like your home institution as well as social login options from the Cirrus Gateway in a unified login user interface that conforms to the SAML V2 Discovery Profile. The Discovery Service page in the Cirrus Console is where you configure which Identity Providers are allowed to access the Service Provider. See both Cirrus Discovery getting started and Using Discovery Service for more details.