iTunes U runs a Shibboleth Service Provider (SP) within the InCommon Federation that works with any Identity Provider (IdP) in the Federation. If you run a Shibboleth IdP in the InCommon Federation, you can integrate with iTunes U and access iTunes U pages, features, and content.
To correctly integrate with the iTunes U Shibboleth SP, you need to modify your Attributes Release Policy (ARP) configuration to include the attributes listed in the following tables. The tables list the attributes and values, in order of importance, iTunes U looks for when granting users access to content, along with mappings to iTunes U credential and identity authorization token data keys and values.
iTunes U supports the following Shibboleth ports: 8443, 7443, and 8444.
Attribute Name | Example Value | iTunes U credential Token Data Key and Value |
|---|---|---|
urn:mace:dir:attribute-def:eduPersonEntitlement | urn:mace:institution.edu:course:chem323:student | credential For details on the iTunes U credential token data key, see “Generating the Token Data.” |
This attribute is optional. However, if you do not send credential information, users might not have the appropriate permissions to access your iTunes U site, pages, features, and content. | ||
Attribute Name | Example Value | iTunes U identity Token Data Keys and Values |
|---|---|---|
urn:mace:dir:attribute-def:displayName | Jane Doe | displayName For details on the iTunes U identity token data key, see “Generating the Token Data.” |
urn:mace:dir:attribute-def:mail | jdoe@institution.edu | emailAddress For details on the iTunes U identity token data key, see “Generating the Token Data.” |
urn:mace:dir:attribute-def:eduPersonPrincipalName | jdoe | username For details on the iTunes U identity token data key, see “Generating the Token Data.” |
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | 7939f11e99bf0362d3d0fde84ef78e90 | userIdentifier For details on the iTunes U identity token data key, see “Generating the Token Data.” |
These attributes are optional. However, If you do not send identity information, iTunes U cannot provide detailed information in reports and log files about your users and the actions they perform. | ||
The following is a sample of a URL used within an institutions webpage to link to an iTunes U site.
https://deimos.apple.com/Shibboleth.sso?providerId=urn:mace:incommon:example.edu&target=https://deimos.apple.com/WebObjects/ShibTransfer.woa/Browse/example.edu |
Where providerId is the provider Id for the IdP and target is the destination.
The following is a sample of a URL used within an institutions webpage to link to an exact page within an iTunes U site.
https://deimos.apple.com/Shibboleth.sso?providerId=urn:mace:incommon:example.edu&target=https://deimos.apple.com/WebObjects/ShibTransfer.woa/Browse/example.edu.01169402467 |
Where the last portion of the link is the iTunes U destination information for the group. For more information see, “Linking to iTunes U.”
For help debugging any problems you encounter, iTunes U provides an Access Debugging page containing information that may be helpful in solving many of your site and access problems, including information about the identity and credentials received and the access provided to the specified URL destination. To access the page, append the Debug Suffix displayed in the Edit Site Settings page (available only to the primary administrator) to the end of your site URL. For example, using the previous site URL and a Debug Suffix from the Edit Site Settings page of “qkz566”, your debug URL would be:
https://deimos.apple.com/Shibboleth.sso?providerId=urn:mace:incommon:example.edu&target=https://deimos.apple.com/WebObjects/ShibTransfer.woa/Browse/example.edu/qkz566 |
For more information, see “Debugging Site Access and Integration.”
Depending on the attributes received and the permissions you defined within your iTunes U site, iTunes U provides users access iTunes U pages, features, and content. For information on how to control a user’s permissions and actions to iTunes U pages and groups, see “Controlling User Access.”
For more information on InCommon and Shibboleth, see http://www.incommonfederation.org/ and http://shibboleth.internet2.edu/.
© 2009 Apple Inc. All Rights Reserved. (Last updated: 2009-11-04)