Introduction
Talis supports authentication using OAuth2 login. This allows a system that doesn't use SAML to be connected to Talis products and for Talis to defer login authentication and authorisation to your university system.
Prerequisites
Your OAuth2 authentication system should support the return of an id token in its response.
Lead Time
Talis need to write some custom code to enable and configure OAuth2 for you, and this requires a minimum 3-week turnaround to be scheduled. We can often deliver more quickly than that, but this allows for contingency in case of any issues when testing.
You should be aware that this work has a project timeline risk. Timelines to completion are sometimes outside of our direct control. Our experience tells us that not all OAuth2 systems are implemented in the same way, and one customer had to fix their system so that it correctly supported OAuth2 id tokens.
Setup
You need to tell us the following pieces of information:
- The OAuth2 endpoint of your system, for example: https://identity.uni.tld/oauth/authorize
- The OAuth2 token endpoint of your system, for example: https://identity.uni.tld/oauth/token
- The Consumer Key
- The Consumer Secret
- The JWT Signing Secret
- The signature method, for example: HMAC-SHA1
Your system will need to be configured with the following callback URLs:
- EU and APAC
  - http://login.talisaspire.com/consume
  - https://login.talisaspire.com/consume
- CA
  - http://login.ca.talis.com/consume
  - https://login.ca.talis.com/consume
Your system needs to share the following information with us in the id token. We will use this information to ensure that the product is personalised for the user and that they are using only the official University email address. You can read more about privacy and our GDPR compliance at https://talis.com/gdpr.
Attribute Name in the eduPerson Object Class Specification | Talis Profile Field | Description |
Mandatory: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | Targeted ID | A unique obfuscated identifier. We are aware that in future versions of eduPerson this will be deprecated. Transition information will be communicated at the appropriate time. |
Desirable: urn:oid:2.5.4.42 | First Name | The first or given name of the user |
Desirable: urn:oid:2.5.4.4 | Surname | The Family or Surname of the user |
Desirable: urn:oid:0.9.2342.19200300.100.1.3 | Email Address | The email of the user. |
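Before handing over the details above, you can check a sample id token from your own system against these requirements. The following is an added example, not Talis code: it verifies the HMAC signature with the JWT Signing Secret and reports which attributes are present. It assumes an HS256-signed compact JWT whose claims are keyed by the attribute names in the table; the function names, secret and sample claims are constructed for illustration.

```python
import base64, hashlib, hmac, json

# Attribute names come from the table above; using them as claim keys is an assumption.
MANDATORY = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "Targeted ID"}
DESIRABLE = {
    "urn:oid:2.5.4.42": "First Name",
    "urn:oid:2.5.4.4": "Surname",
    "urn:oid:0.9.2342.19200300.100.1.3": "Email Address",
}

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_sample_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token so the check can be run offline."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def check_id_token(token: str, secret: bytes) -> dict:
    """Verify the signature first, then report the attributes the token carries."""
    try:
        header_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("not a three-part compact JWT") from exc
    # Pin the algorithm instead of trusting the header (this also rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("alg must be HS256")
    expected = hmac.new(secret, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("signature does not match the JWT signing secret")
    claims = json.loads(b64url_decode(body_b64))
    missing = [name for oid, name in MANDATORY.items() if not claims.get(oid)]
    if missing:
        raise ValueError(f"mandatory attribute missing: {missing}")
    known = {**MANDATORY, **DESIRABLE}
    return {
        "profile": {name: claims[oid] for oid, name in known.items() if claims.get(oid)},
        "absent_desirable": [name for oid, name in DESIRABLE.items() if not claims.get(oid)],
    }
```

If your system signs with a different method, change the pinned `alg` value and the hash function to match the signature method you give to Talis.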