Czech National Library of Technology started to license GoodData and wish to use federated authentication, institutional sign in at GoodData. In GoodData documentation I can see that SAML authentication is supported, but I am missing GoodData Service Provider registration in eduGAIN. Could you register GoodData SP in eduGAIN, pls.?
Best answer by Moises Morales
View original
Hi Jiri,
Thank you for your question. May we know which GoodData product are you using? Is it GoodData hosted platform or is it GoodData Cloud?
If you are using the hosted version, it supports SAML SSO. A comprenhensive guide on how to set it up is explained here: Getting started with SSO | The GoodData Community
An overview of how it works can be found here: Single Sign-On Overview - Gooddata Free
Let us know if this helps or if you have further questions.
-Moises
Hi Moises,
the library has GoodData Analytics Platform - Growth Subscription Plan. Is it the hosted platform?
Cheers
Jiri
Yes, this is the hosted platform.
Thanks. Could you register GoodData Service Provider in eduGAIN? - https://edugain.org/
The library Identity Provider is registered in eduGAIN via eduID.cz -
https://met.refeds.org/met/entity/https%253A%252F%252Fshibboleth.techlib.cz%252Fidp%252Fshibboleth/
Hi Jiri,
That is something we would need to discuss internally. Can you please share with us more details why would you need GoodData to register in eduGAIN?
Thank you
Jan
Hi Jan,
when GoodData Service Provider is registered in eduGAIN, setting up access for National Library of Technology
is very easy and standard way for the library. Universities and libraries around the world will also benefit from
easy access set up.
When GoodData SP is registered in eduGAIN, you just allow access for users authenticated by the library IdP
with eduPersonEntitlement attribute value urn:mace:dir:entitlement:common-lib-terms meaning that the user
is allowed to access GoodData service according to the license.
You may like to check https://www.fim4l.org/?page_id=257
Best
Jiri
Hi Jan,
let me add that there are new entity categories from REFEDS for attributes release - https://refeds.org/specifications
Pseudonymous Access will be probably the best fit for GoodData service - https://refeds.org/category/pseudonymous
All the best
Jiri
Dear Jan,
Let me add the explanation why we (National Library of Technology, Czech Rep.) wish to register GoodData in eduGain:
We have just started piloting data analyses on GoodData platform and we would like to share them with our key contact persons from the members of our library academic consortium CzechELib. This includes virtually all higher education institutions in the Czech Rep. (all univs), Academy of Sciences institutes and other research institutions. Nearly all of them have setup the SSO using the CESNET infrastructure (EDUId.cz federation, which is somehow connected to EDUGain - don’t ask me about details :) ). We’ve successfully used this for other systems and it would be very convenient for us to just add another Service Provider.
Jiri Pavlik is able to provide all technical details, I just wanted to explain the background.
With best regards
Jiri Jirat
Hi Jan,
I am happy to provide you with the library test account if it helps for setting up federated authentication at GoodData.
Could you provide Jiri Jirat and me with an update regarding GoodData SP registration in eduGAIN, please?
Best regards
Jiri
Hi Jiri,
I’m afraid to say that at this moment we are not considering registering GoodData in eduGAIN. Should you have further questions about this, please feel free to reach out to your Account Manager.
Best regards,
-Moises
Hi Moises,
could you advise, please, what are your-subdomain-name a domainId for sign in via National Library of Technology IdP to account licensed by CzechELib? Service Provider-initiated Scenario, step 2, https://help.gooddata.com/doc/enterprise/en/expand-your-gooddata-platform/gooddata-integration-into-your-application/set-up-user-authentication-and-sso/saml-sso-with-gooddata
BR
Jiri
Hi Jiri, your subdomain is the first part of your GoodData hostname before “.gooddata.com”; your GoodData domain id is czechelib, this is what you will need to use in the API endpoints when configuring your SSO provider. I can also recommend checking this comprenhensive guide for more information: Getting started with SSO | The GoodData Community
-Moises
Sign in with your community account. This is different than your login to your GoodData account. Don't have a community login? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
