At Frog we follow a standard integration process for all our 3rd party applications, using SAML2. We provide an Identity Provider (IdP) and your app should implement a Service Provider (SP).
If you don’t have a service provider already implemented, there are plenty of libraries available to integrate.
We use SimpleSAMLphp. Please note that configuring SAML requires some care. For your first setup, we suggest you follow the instructions faithfully and then, once it is working, make a few edits to the configuration at a time until it fits your requirements.
Once you have registered as a Frog partner, we'll set up test accounts for you to use for your integration and testing.
You will need to choose an Entity ID for each environment on which your app is installed.
|Developer's PC|Staging Environment|Live Environment|
|---|---|---|
|http://local.<partner domain>.com/<app-name>||https://live.<partner domain>.com/<app-name>|
For more information about Entity ID / Realm, have a look at our SSO configuration reference page. SimpleSAMLphp will generate an EntityID for you if you don't give it one, but we strongly advise against this.
We recommend you use the fully qualified domain name (FQDN) suffixed with an identifier for your app, for example https://live.frogonline.co.uk/FrogLearn
You will also need to know which user attributes you need when we log on a user for you (please see our User Attributes page for more information). As a minimum, you'll need the FrogLearn User UUID and, where your service is licensed on a whole-school basis, the Organisation UUID as well. There is no way to infer the identity of a school from the Frog User UUID, but regardless of any renaming of username, Organisation Name or any other attributes, these two are guaranteed to be consistent. If you opt to provision accounts based on the attributes we supply, then you should also consider updating your records on successive authentication, for data consistency and compliance with the Data Protection.
Finally, you'll need to know the AssertionConsumerService URL and the SingleLogoutService URL. It's fine to use the defaults generated by your SAML implementation.
Always use the metadata link on your SimpleSAMLphp administration page to determine the metadata.
Note that, for your live environment, these URLs must be served over HTTPS.
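Before sending us your details, you can check the metadata your SP publishes against the points above. The script below is an added example, not Frog or SimpleSAMLphp code; the host `live.partner.example`, the app name and the endpoint paths in the sample are constructed placeholders, and `check_sp_metadata` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace

# Constructed sample of SP metadata; host, app name and paths are placeholders.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://live.partner.example/my-app">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://live.partner.example/saml/logout"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://live.partner.example/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_sp_metadata(xml_text, expected_entity_id, live=True):
    """Return a list of problems in your own SP's metadata ([] means OK)."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    # The Entity ID must be the one you chose, not an auto-generated value.
    if root.get("entityID") != expected_entity_id:
        problems.append("entityID is %r, expected %r"
                        % (root.get("entityID"), expected_entity_id))
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    for name in ("AssertionConsumerService", "SingleLogoutService"):
        endpoints = sp.findall(MD + name)
        if not endpoints:
            problems.append(name + " is missing")
        for ep in endpoints:
            location = ep.get("Location", "")
            # Live environments must expose both endpoints over HTTPS.
            if live and urlparse(location).scheme != "https":
                problems.append("%s is not served over HTTPS: %s"
                                % (name, location))
    return problems


if __name__ == "__main__":
    for p in check_sp_metadata(SAMPLE_METADATA,
                               "https://live.partner.example/my-app"):
        print("FAIL:", p)
```

Run it against the XML downloaded from your own SP's metadata link, passing `live=False` for a developer PC where plain HTTP is acceptable.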
For more information, take another look at our SSO Configuration section.