Search

Skip to end of metadata
Go to start of metadata

First...

You should look in the Catalogue for the resource - if it is there, then it is compatible with OpenAthens.

If the resource is in the catalogue 

Contact the publisher and ask them to enable SAML access on your subscription. You will need to pass them a couple of details about your organisation - see the details section below. 

If the resource is not in the catalogue

Contact the publisher and ask them if they support SAML for remote access. If it supports SAML, then you will be able to use OpenAthens to access it. Another word to look out for in their information is 'Shibboleth', which also uses SAML... which means it works with OpenAthens.

You will need to pass them a couple of details about your organisation - see the section below - and then you can then add them as a custom SAML resource to get access up and running quickly.

You should then pass us their contact details (and them ours) so we can talk to them about joining the OpenAthens federation. Resources being in the federation benefit all parties - for you it becomes easier, more reliable and needs less maintenance, and for the publisher it gives them access to more customers with lower support overheads.

If they say they do not support SAML (yet), ask them when they will and pass us their contact details as we have some simple options that can help them. Until they do we will see if we can provide a proxy option.

What details will the publisher / service provider need you to give them

For resources in the catalogue, the service provider has to associate your subscription with a pair of identifiers called an entityID and scope, and these can be found on the organisation summary page. You can also find the entityID and scope information on the Connections page. They look a bit like a URL and an Email address... but they are not either of those things.

You may have an option to configure this yourself via an admin login to their website, or you may need to contact their support team.

For SAML resources that are not in the catalogue you will need to provide it with your metadata or endpoints - See: Configuring a generic third party application to work with OpenAthens. Again this might be via a self-service option or you may have to contact their support team.

What to say to the service provider / publisher

Whilst OpenAthens is widely known, it is not yet universally known so publisher representatives may not know the name. Because of this you should always start by talking about SAML instead.

Some example text for three scenarios:

 For a resource in the catalogue

I would like to access my subscription using your SAML login option.

My Account reference (or equivalent on their system) is: xyz

My federation identifiers are:

EntityID: https://idp.yourdomain.com/entity

Scope: yourdomain.com

We always release targetedID and scopedAffiliation - are there any other attributes you need us to send?


 For a resource not in the catalogue (that has a SAML option)

I would like to access my subscription using your SAML login option.

My Account reference (or equivalent on their system) is: xyz

My metadata address is: https://login.openathens.net/saml/2/metadata-idp/yourAPIname

Which attributes do you require for access?

Setup for all parties is easier when they are in a common federation. We're in the OpenAthens federation: https://openathens.org/content-providers/membership/


 For a resource that doesn't support SAML yet

My Account reference (or equivalent on their system) is: xyz.

I would very much like to set up remote access to your content for my patrons / end-users, but you don't appear to have an industry-standard SAML option available. Can I ask if it is hidden, or when you will be adding one? I'm sure that neither of us want to resort to proxy servers.

If you have not yet got plans in place for SAML, the folk at OpenAthens have some good options. See: https://openathens.org/content-providers/


What next

Once the service provider has associated the relevant IDs with your subscription at their end, it is safe to select their resource from the catalogue and allocate it to permission sets for your users to access. Your users will instantly have access, although they will not see the resource in MyAthens until they sign out and back in again.

A useful trick is to enter the web address of the resource into the redirector link generator. This will not only tell you if the resource is redirectable, but will provide a link to the resource's catalogue entry where you can check details and then use the allocation options to put it in your permission sets.

See also:


Where a service provider does not offer a SAML based access method and the resource in question is important to your remote access provision, there may still be an option for remote access via managed proxy and you should discuss this with your account manager.



  • No labels