This space contains the old OpenAthens SP documentation and is no longer maintained.
OpenAthens SP software is already out of support and will reach end of life in May 2020.

Check out OpenAthens Keystone instead. It's supercool and makes dealing with SAML much easier.

Installing OpenAthens SP will have created an example vhost in /etc/httpd/conf.d/.

The publisher dashboard displayed the vhost configuration you need to create when you added your application. You can access this again via the getting started tab on your application.

Create a file in the folder above called, for example, openathens-sp.conf:

vi /etc/httpd/conf.d/openathens-sp.conf

Use the Apache configuration from the dashboard as a guide to create your vhosts, for example:

<VirtualHost *:80>
   ServerName yourdomain.com

   OATempDir /var/cache/openathens
   OAConfig http://sp.openathens.net/config?id=499f54f6-1a1e-4806-b9c2-d40357278fa4
   OAAPIKey 5d11b069-bfe7-4fef-8c53-9204cb754e53

   <Location /pathtoprotected>
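     # Redirect does not expand %{SERVER_NAME} when a URL-path is given, so the host name is written out
     Redirect permanent /pathtoprotected https://yourdomain.com/pathtoprotected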
   </Location>

</VirtualHost>
<VirtualHost *:443>
   ServerName yourdomain.com

   SSLEngine on
   SSLCertificateFile /etc/pki/tls/certs/yourdomain.com.crt
   SSLCertificateKeyFile /etc/pki/tls/private/yourdomain.com.key
   
   OATempDir /var/cache/openathens
   OAConfig http://sp.openathens.net/config?id=499f54f6-1a1e-4806-b9c2-d40357278fa4
   OAAPIKey 5d11b069-bfe7-4fef-8c53-9204cb754e53

   <Location /pathtoprotected>
      AuthType OpenAthens
      require valid-user
   </Location>

</VirtualHost>

In the second virtual host section (*:443) you will need to specify the location and name of your website's SSL certificate and key. These are usually found in the /etc/pki/tls/certs/ and /etc/pki/tls/private/ directories.

In the Location section you specify the enabled location, i.e. the path where the user will be required to pass through OpenAthens SP. This might be your entire application, but is commonly a single point where you start your own site's session and then return the user to wherever they were originally going, for example:

<Location /auth/federated>
  AuthType OpenAthens
  require valid-user
</Location>

Save your changes and exit the editor (for more options, see also: Restricting access via vhost).

Restart Apache to start using this configuration:

sudo service httpd restart 

This will download the configuration that has been set up in the publisher dashboard and start using it. Any time you make updates via the dashboard, they will be picked up by OpenAthens SP the next time Apache is restarted.
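
A pre-restart check for the vhost file created above, as an added example that is not part of the OpenAthens SP software or documentation. It confirms that every vhost using AuthType OpenAthens also has SSLEngine on, and that a file holding an OAAPIKey is not world-readable; the function name check_oa_vhost and the permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not OpenAthens code. check_oa_vhost is a hypothetical helper.
# Usage: sh check-oa-vhost.sh /etc/httpd/conf.d/openathens-sp.conf

check_oa_vhost() {
    conf=$1
    status=0

    # 1. A vhost that sets "AuthType OpenAthens" must also set "SSLEngine on",
    #    so the protected location is only ever served over HTTPS.
    #    Apache directive names are case-insensitive, hence tolower().
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<virtualhost/             { vhost = $0; ssl = 0; oa = 0 }
        line ~ /^[ \t]*sslengine[ \t]+on/        { ssl = 1 }
        line ~ /^[ \t]*authtype[ \t]+openathens/ { oa = 1 }
        line ~ /^[ \t]*<\/virtualhost>/ && oa && !ssl {
            print "AuthType OpenAthens without SSLEngine on in " vhost
            bad = 1
        }
        END { exit bad + 0 }
    ' "$conf" >&2 || status=1

    # 2. The file carries the OAAPIKey. httpd started as root by the service
    #    script reads its configuration as root, so the file does not need
    #    to be world-readable (a hardening choice made for this example).
    if grep -qi '^[[:space:]]*OAAPIKey' "$conf" &&
       [ -n "$(find "$conf" -perm -004)" ]; then
        echo "$conf contains an OAAPIKey and is world-readable" >&2
        status=1
    fi

    return "$status"
}

# Run against the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    check_oa_vhost "$1"
fi
```

Run it together with Apache's own syntax check (httpd -t) before restarting; a non-zero exit status means one of the two checks failed.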
