OpenAthens SP software end of life is approaching.
Keystone, Wayfinder and the OpenAthens federation are unaffected.

Search

Skip to end of metadata
Go to start of metadata

Wayfinder uses the SAML DS protocol and as long as your SP software does too it's just a case of configuring it to use Wayfinder as the discovery service. Some common SPs are covered below:

OpenAthens Keystone

  1. Sign in to the publisher dashboard (https://sp.openathens.net

  2. Select the application in question and go to its discovery tab

  3. Scroll to the  discovery method section and select the radio button for Wayfinder

  4. Save changes

Keystone will start to use the hosted version of Wayfinder immediately. Keystone also has the option for you to embed Wayfinder into your site. See: Embedding OpenAthens Wayfinder

The OpenAthens federation will be updated automatically but if you are in any other federations they will have to update your metadata to include valid discovery return URLs before discovery will work: 

<idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="http://connect.openathens.net/saml/2/auth" index="1"/>

See also: Discovery

OpenAthens SP

  1. Sign in to the publisher dashboard (https://sp.openathens.net)

  2. Select the application in question and go to its configuration tab

  3. Scroll to the  discovery method section and select the radio button for the central discovery service

  4. If it doesn't already say so in the box, enter https://wayfinder.openathens.net  

  5. Save changes

As with any configuration change, OpenAthens SP will need a webserver restart to pick up and start using the new settings.  

The OpenAthens federation will be updated automatically but if you are in any other federations they will have to update your metadata to include valid discovery return URLs before discovery will work: 

<idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://yourdomain.com/oa/disco-ret" index="1"/>"

See also: Discovery

Shibboleth

You will need to do three things:

Add a discovery response binding to your metadata in the <Extensions> section- e.g:

<Extensions>
   ...
      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://shibsp.yourdomain.com/Shibboleth.sso/DS" index="1"/>
   ...
</Extensions>

... then add the discovery service to your shibboleth.xml configuration file in the SSO section in place of any singular IdP definition:

 <SSO
     discoveryProtocol="SAMLDS" discoveryURL="https://wayfinder.openathens.net">
     SAML2 SAML1
 </SSO>

Check that your metadata now includes an <idpdisc:DiscoveryResponse> section and then have your updated metadata be picked up by each federation you are active in. How this is done can vary by federation, but you will usually have to tell them.

If you are in the OpenAthens federation you will need to add the discovery return URL to your SAML endpoints via the publisher dashboard:

  • Once you are logged in at sp.openathens.net, select your application
  • Go to the SAML endpoints tab and click the add endpoint button
  • Select discovery return URL, enter the value and click done
  • Click Save changes
  • It will take up to 15 minutes for the change to take effect

SimpleSAML.php

Set the options in authentication.php and then restart the service

  • 'discoURL'  => 'https://wayfinder.openathens.net' 
  • 'idp' => null

Check that your metadata now includes an <idpdisc:DiscoveryResponse> section and then have your updated metadata be picked up by each federation you are active in. How this is done can vary by federation, but you will usually have to tell them.

If you are in the OpenAthens federation you will need to add the discovery return URL to your SAML endpoints via the publisher dashboard:

  • Once you are logged in at sp.openathens.net, select your application
  • Go to the SAML endpoints tab and click the add endpoint button
  • Select discovery return URL, enter the value and click done
  • Click Save changes
  • It will take up to 15 minutes for the change to take effect

Other SP software

Add according to their instructions and then update the federation metadata as above.

Troubleshooting

No entities appear in Wayfinder

You are either not live in any federations, or you have set an entity category restriction on the configuration tab. To check these:

  • Federations - download that federation's metadata, find your entity, and check that it included a <idpdisc:DiscoveryResponse> section.
  • Entity categories - in the publisher dashboard go to the application > configuration tab. Entity categories are set at the bottom of the page and remove them - you are unlikely to need any set.


  • No labels