Configuring ClassLink to authenticate to Digital Theatre+

This article explains the steps involved in configuring ClassLink to authenticate users to Digital Theatre+

Pre-requisites

1. You will need Digital Theatre+ metadata, which you can request by completing the form at https://sso.digitaltheatreplus.com 
2. You will need to have access to the ClassLink SAML Console at https://idp.classlink.com/admin
3. You will need to have access to the ClassLink LaunchPad Admin Console at https://launchpad.classlink.com/admin

Assumptions

Digital Theatre+ assumes that the SubjectNameId sent in the SAML response will have the syntax of an email address.  If this is not the case, you can send an additional attribute with the email address of the user contained within it.  See the last section of this page for details.

Step 1 - Add a new Service Provider

1. Go to https://idp.classlink.com/admin
2. Click Add new
3. In the name field, enter: Digital Theatre+
4. Instead of Metadata URL, click the "metadata xml" link underneath the field and copy/paste the contents of Digital Theatre+'s Service Provider Metadata XML file into the field.
5. Save the IDP
6. Copy the IdP Metadata URL 
7. Click the drop down next to the IdP Metadata URL, and select Copy IDP Initiate Login URL
8. Send (a) the IDP Metadata URL by replying to the support email thread, or if you have not started the process, open a new request via https://sso.digitaltheatreplus.com

Digital Theatre+ will import this information into their system to establish the trust between your Identity Provider and the Digital Theatre+ Service Provider.

Step 2 - Set up an App in ClassLink

1. Go to https://launchpad.classlink.com/admin
2. Go to Applications > Add & Assign Apps
3. Click Add
4. Enter the Application details as follows:
   1. Application Name: Digital Theatre+
   2. Category: Education
   3. Sub-category: General education
   4. Single Sign-App App: Yes
   5. Web address: Insert the Digital Theatre+ ACS URL provided in Digital Theatre+'s Metadata (it will look like this, with the last part being the unique identifier for you: https://auth.digitaltheatreplus.com/sso/saml2/<your-unique-id-goes-here>)
   6. Privacy URL: https://edu.digitaltheatreplus.com/privacy-policy
   7. Terms of Service URL: https://edu.digitaltheatreplus.com/terms/
   8. Click Save

Step 3 - Assign the App to Users

1. Go to https://launchpad.classlink.com/admin
2. Applications > Add & Assign Apps
3. Locate the entry for Digital Theatre+
4. Click the Assign button in the Assign App Column
5. Add the correct entities (these can be Profiles, Users, Organisations, Courses, so you will know which is right for you to  use)

Optional - Configure additional attributes

Classlink provides the ability to map user information to attributes.

To do this, you will need to:

1. Go to https://idp.classlink.com/admin
2. Select the IdP configured for Digital Theatre+
3. Select the Attributes to Add
   1. Most likely email will be needed, if it is not sent as the Subject Name ID.

Optional - Metadata Override 

If SubjectNameId isn't an email address you can override the value

1.  Access the SAML console link
2. Click on the 3 dots at the far right of the Digital Theatre+ link and select Edit  
3. Scroll down to Metadata Overrides
4. Click the dropdown for Select Fields to Override
5. Select NameId Value and then a new dropdown line will appears
6. Click the dropdown and choose a value which contains an email address for example OR:userEmail.  
7. Click Update