This documentation will help you integrate your identity services with Adobe Connect Managed Services (ACMS) through Internet2's NET+ program. The associated portions of the NET+ Identity Guidance for Services are noted by section number.

Discovery and Authentication

ACMS uses URL-based addresses that are unique to each customer to redirect users back to the right IdP (1.1.1). A local username/password dialog box is also optionally available for users who don't have accounts at the IdP (1.3). Multiple IdPs may not be used with any given instance of ACMS.

Attributes

ACMS can receive any attributes that your IdP would like to send, configurable using an attribute mapping interface exposed by the SP. The following are the default mappings from SAML attributes to attributes as understood by Adobe Connect.

| ACMS Attribute | Recommended SAML Attribute Name | Optional |
|---|---|---|
| First Name | urn:oid:2.5.4.42 | No |
| Last Name | urn:oid:2.5.4.4 | No |
| eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | No |
| Email Address | urn:oid:0.9.2342.19200300.100.1.3 | No |
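Because all four default attributes are required, it helps to confirm what the IdP actually releases before pointing users at ACMS. The following is an added example, not part of the original page or of Adobe's or Internet2's tooling: it checks the AttributeStatement of a SAML assertion captured from your own test login against the table above. The function name and the sample assertion are constructed for illustration, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Required attributes from the default mapping table (all marked Optional: No).
REQUIRED = {
    "urn:oid:2.5.4.42": "First Name",
    "urn:oid:2.5.4.4": "Last Name",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "Email Address",
}


def missing_required(assertion_xml):
    """Return ACMS attribute labels that are absent or carry no non-empty value.

    Intended for assertions captured from your own IdP test login; this is a
    release check, not a runtime validator for untrusted XML.
    """
    root = ET.fromstring(assertion_xml)
    present = set()
    for attr in root.iter("{%s}Attribute" % SAML_NS["saml"]):
        values = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
        # An attribute released with only empty values is treated as missing.
        if any(v and v.strip() for v in values):
            present.add(attr.get("Name"))
    return sorted(label for oid, label in REQUIRED.items() if oid not in present)


# Constructed sample: eduPersonPrincipalName is released empty, mail not at all.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:2.5.4.42">
      <saml:AttributeValue>Ada</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:2.5.4.4">
      <saml:AttributeValue>Lovelace</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
      <saml:AttributeValue></saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for label in missing_required(SAMPLE):
        print("missing or empty:", label)
```
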

Privileges

ACMS manages all user privileges inside the application (2.5.3). All users are normal users by default. Administrators can be designated by Adobe Connect Administrators after they have authenticated at least once to ACMS.

Provisioning

Users are provisioned to ACMS using dynamic front channel provisioning (3.1).

Deprovisioning

Deprovisioning of provisioned information in ACMS is under implementation and is not currently supported.

Logout

ACMS performs local logout with an optional redirection to a logout service configurable per ACMS instance (5.1.1).

Implementation

ACMS uses Shibboleth as its SAML solution.

Metadata Support

ACMS is able to load InCommon metadata and can publish its own metadata to the federation.

Non-Browser Access

There is no non-browser access to ACMS.

Example Configuration for SAML Implementations

Add XYZ to relying-party.xml:

<XYZ>abc</XYZ>

Add DEF to attribute-resolver.xml:

<DEF>abc</DEF>


ADFS example herein
