This documentation will help you integrate your identity services with Adobe Connect Managed Services (ACMS) through Internet2's NET+ program. Associated portions of the NET+ Identity Guidance for Services are noted by section number.
ACMS uses URL-based addresses that are unique to each customer to redirect users back to the right IdP (1.1.1). A local username/password dialog box is also optionally available for users who don't have accounts at the IdP (1.3). Multiple IdPs may not be used with any given instance of ACMS.
ACMS can receive any attributes that your IdP would like to send; the mapping is configured through an attribute mapping interface exposed by the SP. The default mappings from SAML attributes to the attributes understood by Adobe Connect are listed below.
ACMS Attribute | Recommended SAML Attribute Name | Optional |
---|---|---|
First Name | urn:oid:2.5.4.42 | No |
Last Name | urn:oid:2.5.4.4 | No |
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | No |
Email Address | urn:oid:0.9.2342.19200300.100.1.3 | No |
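To confirm that your IdP releases all four non-optional attributes under the names in the table, the following added example (not code from Adobe or Internet2) checks a decoded assertion from a test login. The sample assertion and the function names are constructed for illustration, and the script assumes an unencrypted assertion.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Default ACMS mappings from the table above (all marked non-optional).
REQUIRED = {
    "urn:oid:2.5.4.42": "First Name",
    "urn:oid:2.5.4.4": "Last Name",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "Email Address",
}

# Constructed sample: mail is released under a short name, not the urn:oid name.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:2.5.4.4"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>ada@example.edu</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="mail"><saml:AttributeValue>ada@example.edu</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""


def released_attributes(assertion_xml):
    """Return {attribute Name: [non-empty values]} for an Assertion or Response.

    Diagnostic only: no signature or condition checks are performed, so use it
    on output from your own IdP, never to make an access decision.
    """
    root = ET.fromstring(assertion_xml)
    out = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        out.setdefault(attr.get("Name"), []).extend(v for v in values if v)
    return out


def missing_for_acms(assertion_xml):
    """List ACMS attributes that are absent or released with no value."""
    got = released_attributes(assertion_xml)
    return [label for oid, label in REQUIRED.items() if not got.get(oid)]


if __name__ == "__main__":
    print("Missing for ACMS:", missing_for_acms(SAMPLE) or "none")
```
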
ACMS manages all user privileges inside the application (2.5.3). All users are normal users by default. Administrators can be designated by Adobe Connect Administrators after they have authenticated at least once to ACMS.
Users are provisioned to ACMS using dynamic front channel provisioning (3.1).
Deprovisioning of provisioned information in ACMS is under implementation and is not currently supported.
ACMS performs local logout with an optional redirection to a logout service configurable per ACMS instance (5.1.1).
ACMS uses Shibboleth as its SAML solution.
ACMS is able to load InCommon metadata and can publish its own metadata to the federation.
There is no non-browser access to ACMS.
Add XYZ to
Add DEF to
ADFS example herein