Support for OAuth2 login

Introduction

Talis supports authentication using OAuth2 login.  This allows a system that doesn't use SAML to be connected to Talis products and for Talis to defer login authentication and authorisation to your university system.

Prerequisites

Your OAuth2 authentication system should support the return of an id token in its response.

Lead Time

Talis need to write some custom code to enable and configure OAuth2 for you, and this requires a minimum 3-week turnaround to be scheduled. We can often deliver more quickly than that, but this allows for contingency in case of any issues when testing.

You should be aware that this work has a project timeline risk. Timelines to completion are sometimes outside of our direct control. Our experience tells us that not all OAuth2 systems are implemented in the same way, and one customer had to fix their system so that it correctly supported OAuth2 id tokens.

Setup

You need to tell us the following pieces of information:

  • The OAuth2 endpoint of your system, for example: https://identity.uni.tld/oauth/authorize
  • The OAuth2 token endpoint of your system, for example: https://identity.uni.tld/oauth/token
  • The Consumer Key
  • The Consumer Secret
  • The JWT Signing Secret
  • The signature method, for example: HMAC-SHA1

Your system will need to be configured with the following callback URLs:

  • EU and APAC
    • http://login.talisaspire.com/consume
    • https://login.talisaspire.com/consume
  • CA
    • http://login.ca.talis.com/consume
    • https://login.ca.talis.com/consume

Your system needs to share the following information with us in the id token. We will use this information to ensure that the product is personalised for the user and that they are using only the official University email address. You can read more about privacy and our GDPR compliance at https://talis.com/gdpr.

| Requirement | Attribute Name in the eduPerson Object Class Specification | Talis Profile Field | Description |
| --- | --- | --- | --- |
| Mandatory | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (Official documentation) | Targeted ID | A unique obfuscated identifier. We are aware that in future versions of eduPerson this will be deprecated. Transition information will be communicated at the appropriate time. |
| Desirable | urn:oid:2.5.4.42 (Official documentation) | First Name | The first or given name of the user |
| Desirable | urn:oid:2.5.4.4 (Official documentation) | Surname | The Family or Surname of the user |
| Desirable | urn:oid:0.9.2342.19200300.100.1.3 (Official documentation) | Email Address | The email of the user. |
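A pre-flight check you can run against an id token from your own system before handing the details over, written as an added example and not Talis code: it verifies the token against the JWT Signing Secret and lists which of the attributes above are missing. It assumes the token is a JWT signed with HS256 (HMAC-SHA256) and that each attribute is carried as a claim named by its OID; both are assumptions to confirm for your system, and the secret and sample values are constructed.

```python
import base64, hashlib, hmac, json

# Attribute names and profile fields listed above. Using the OID as the
# id token claim name is an assumption; confirm the mapping for your system.
MANDATORY = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "Targeted ID"}
DESIRABLE = {
    "urn:oid:2.5.4.42": "First Name",
    "urn:oid:2.5.4.4": "Surname",
    "urn:oid:0.9.2342.19200300.100.1.3": "Email Address",
}

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def make_test_token(claims, secret):
    """Constructed sample token; a real one comes from your token endpoint."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    signing_input = f"{head}.{body}"
    return signing_input + "." + b64url_encode(hs256(signing_input, secret))

def check_id_token(token, secret):
    """Verify the signature, then list the profile fields the token lacks."""
    head, body, sig = token.split(".")  # ValueError unless exactly 3 segments
    header = json.loads(b64url_decode(head))
    # Pin the algorithm: never let the token choose "none" or another method.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signature algorithm")
    if not hmac.compare_digest(hs256(f"{head}.{body}", secret), b64url_decode(sig)):
        raise ValueError("signature does not match the JWT Signing Secret")
    claims = json.loads(b64url_decode(body))
    return {
        "missing_mandatory": [n for k, n in MANDATORY.items() if not claims.get(k)],
        "missing_desirable": [n for k, n in DESIRABLE.items() if not claims.get(k)],
    }

if __name__ == "__main__":
    secret = b"constructed-signing-secret"  # placeholder, not a real secret
    sample = {"urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "a1b2c3@uni.tld",
              "urn:oid:2.5.4.42": "Ada", "urn:oid:2.5.4.4": "Lovelace"}
    print(check_id_token(make_test_token(sample, secret), secret))
```

An empty `missing_mandatory` list means the Targeted ID is present; anything in `missing_desirable` will still work but leaves that profile field unset.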

 
