SAML is an authentication standard used by many systems, including Blackboard Learn, to authenticate a sign on request. In the case of UAS, you are creating an identity provider-initiated SAML response. You must configure a Blackboard Learn authentication adapter to accept the response from UAS. Course and URL forwarding in Blackboard Learn are handled through the standard SAML RelayState parameter.

The SAML authentication type can only be used for the outgoing authentication response, and you can only have one active SAML configuration. 

Configure UAS Settings

  1. Navigate to the UAS Settings screen.
  2. Select Add Authentication Adapter.
Add authentication adapter
AliasThis is a unique name for the adapter and is used in URLs. The alias will be stored as all lowercase letters and should not contain any special URL characters.
EnabledThis toggle determines whether the adapter is available for use.
Debug EnabledThis toggle determines whether debug statements are written to the logs for troubleshooting purposes.
Auth TypeSAML
Private KeyThe x509 private key. The value will only be visible while creating the adapter. (See Generate Public and Private Keys)
Public KeyThe x509 public key. This key will be shared with the SAML service provider via the generated data. (See Generate Public and Private Keys)
AudienceThe audience for this SAML response. The recommended value is your Blackboard Learn system base URL.
Destination URLWhen initially creating the adapter, this URL can be anything. You will need to provide the ACS URL from the Blackboard Learn authentication provider (step 3) after the initial configuration.
IssuerThis is how you want to identify the UAS service. Any value can be used. A suggested value is UAS_SAML.
DefaultThis toggle determines whether this is the SAML configuration that will be used. You can only have one Default enabled. Enabling this toggle will disable all other SAML configurations.
  1. Select Save to save your configuration.

Configure the Blackboard Learn authentication adapter

Before you begin, you need to copy your Site ID. To do so, access the Admin Panel in Blackboard Learn. Select the Cloud Connector link under Cloud Management. Copy the Site ID to use later in this process.

Add the Adapter

Access the Admin Panel. Select the Authentication link under Integrations. Select Create Provider to create a new provider and select SAML.

SAML option from Create Provider menu
  1. Provide a descriptive Name.
  2. Set to Active.
  3. Select either Username or Batch Uid, depending on the value that your system will be providing for the user ID.
  4. Select Restrict this provider to only the specified hostname to prevent the link from showing on the login page. You cannot launch the authentication flow from the login page and have it authenticate successfully.
  5. Enter localhost for Restricted Hostnames.
  6. Enter the link text. This text is not displayed anywhere but is still required.
  7. Select Save and Configure to move on to the SAML configuration.

Configure the adapter

  1. Ensure the ACS URL has the option with your site selected.
  2. Specify a value for the Entity ID. We recommend that you make this value your site URL.
  3. Select enable IdP-initiated SSO. Once selected, this will change your ACS URL. Copy the ACS URL value and update the SAML Adapter Destination URL in the UAS configuration with this URL.
  4. Leave the Single Logout Service Type set to the default.
  5. Leave the Data Source drop-down menu set to the default.
  6. Select the appropriate Compatible Data Sources which should be allowed to use this authentication provider.
  7. Do not select Enable JIT Provisioning.
  8. Optionally, enter a custom error message that will appear when a user is unable to authenticate with SAML single sign-on.
  9. Select Metadata URL for the Metadata Type.
    • The URL will be https://us.extensions.blackboard.com/api/v2/authadapters/sites/{siteId}/metadata where {siteID} can be found in the Cloud Connection Settings (copied at the beginning of this procedure).
    • Select the Verify button, and you should see a green checkmark. If there is an error in your UAS configuration, verify that you have a default SAML adapter enabled with created public and private keys and verify your URL is correct. Make sure you have updated the Destination URL as indicated in step three. You can test the URL in a new browser; it should return an XML document of your metadata.
  10. Set the remote user ID to NameID.
  11. Select Submit to save your configuration.