Preamble:
The provisioning and configuration needed for AccessIT requires data from the schools SMS.
This requires a more complex system that simple SAML and OpenID.
This is a three step process.

A: Provisioning AccessIT by schedule

B: The process of SSO configuration for AccessIT

AccessIT to run a batch file here to create a metadata file which they will then need to send to your IDP (Aka Crystal - Geoff or Barry).
Crystal then sends AccessIT back an xml file or a URL to an xml file.

• AccessIT needs the IdP metadata from here https://idp.crystal.school.nz/simplesaml/saml2/idp/metadata.php?output=xhtml
  and
• The metadata that they will generate from the AccessIT service will need to be installed on the IdP.
  and
• AccessIT will need to know the school's URL to the SAML servlet.
  This is the URL to the servlet that will process the SAML transactions.
  The pattern will be [root url]/saml e.g. http://library.collingwood-area.school.nz:2000/saml
• AccessIT to create a saml folder for Crystal to install in your jetty installation.

C: Remote access to the web site and OPAC

<< For full instructions- see Crystal FAQs >>

This is the standard AccessIT documentation for SSO

The process for getting our customers set up for Single Sign On involves six steps. Steps 1 to 3 involve a bit of work, while Steps 4 to 6 are quite straightforward.

• Step 1 needs to be undertaken by you. The requirement is for the Single Sign On ID field in Access-It to be populated with one of SMS ID, Email or StudentNSN, as decided by you. However, SMS ID is a good field to use. It's definitely a better field to use than Email, because some students use their parent's email address, and if you have siblings using the same parent's email address, then there could be a problem with duplicates.
  Hint: Use the Crystal Username.

How ... run the manual Access-It Borrower Import process to import the data Crystal username into the Single Sign On ID field in Access-It.

• Step 2 is for us to run a batch file here to create a SP metadata file which you need to send to your IDP. They then need to send us back either an IDP metadata file or else a URL to such a file. Presumably your IDP will know what needs to be done here.

For this step, we need you to let us know the school's URL to the SAML servlet. This is the URL to the servlet that will process the SAML transactions. The pattern will be [root url]/saml e.g. http://www.xxxxx.school.nz:2000/saml

• Step 3 is for us to create a saml folder for you to install in your jetty installation.

AccessIT look forward to hearing back from you with the required URL to the SAML servlet.

Regards etc

*******************************************************