Since every institution gets their own instance of Adobe Creative Cloud with which a connection needs to be configured, institutions need to sign in with the account that comes with their Adobe license. SURF does not have that information, so institutions need to configure part of the connection. After the institution has taken some steps, SURF also needs to take some steps to finish setting up the connection.
This document describes how to do this and is based on the experience of AVANS. Replace links as shown by what you have configured in your Adobe Application. After following the steps below the users of your IdP should be able to connect to Adobe Creative Cloud.
Now that you have configured the Directory as mentioned above you can link this directory to the previously created domains. Navigate to the 'Domains' screen as shown below:
By now, you should be finished with configuring the instance of Adobe Creative Cloud and it is ready to be used with SURFconext. Before you can use it to authenticate to the service using SURFconext, Adobe Creative Cloud needs to be configured in SURFconext. At this point there are three options for you to proceed:
Certificate
The certificate as generated by Adobe Creative Cloud is incompatible with the SP Dashboard. Remove the generated certificate to continue. You will not need this.
Adobe does not use standard attribute names. As a result, SURFconext will have to make adjustments to make this work. Send a mail to support@surfconext.nl and ask to enable attribute manipulation for the entity of the following attributes :
The code of the attribute manipulation will be similar to what you see below.
# Required attributes $attr_gn = 'urn:mace:dir:attribute-def:givenName'; $attr_sn = 'urn:mace:dir:attribute-def:sn'; $attr_mail = 'urn:mace:dir:attribute-def:mail'; # attributes to let through (ARP) $requiredAttributes = array( 'FirstName', 'LastName', 'Email' ); if (isset($attributes) and ($attributes !== FALSE)) { if (!empty($attributes[$attr_mail][0])) { $subjectId = $attributes[$attr_mail][0]; } if (!empty($attributes[$attr_gn])) { $attributes['FirstName'] = $attributes[$attr_gn]; } if (!empty($attributes[$attr_sn])) { $attributes['LastName'] = $attributes[$attr_sn]; } if (!empty($attributes[$attr_mail])) { $attributes['Email'] = $attributes[$attr_mail]; } } # Remove all other attributes foreach ($attributes as $k => $v) { if (!in_array($k, $requiredAttributes)) { unset($attributes[$k]); } }