This space contains the old OpenAthens SP documentation and is no longer maintained.
OpenAthens SP software is already out of support and reached end of life in May 2020.

Check out OpenAthens Keystone instead. It's supercool and makes dealing with SAML much easier.



  • A server running Java with relevant environment variables set (e.g. JAVA-HOME)
  • Server time synced with NTP or equivalent
  • Familiarity with your chosen platform
  • Access to the publisher dashboard.


  1. Install OpenAthens software

    1. The recommended method is to use our Maven repository. For connection details see: Maven settings for Java OASP

    2. The software is also available as a zip file from our service desk. You will need to manually move jar files to the correct location and set environment variables.

  2. Create metadata keys. These are used for signing and encrypting SAML exchanges. The public key will be published in metadata.

    1. Using Keystore Explorer

  3. If you have not already done so, create an application in the publisher dashboard. You will have the opportunity to paste in the signing certificate you generated in the previous step.when you set it up.

    1. If this is for an existing application, open the application in the dashboard and go to the getting started tab to paste in your signing certificate.

  4. Configure your web.xml file. The publisher dashboard will have  generated a configuration to copy and paste. In the file you will also need to:

    1. Update the protected location to cover your application.

    2. Restart your web server to download the configuration from the publisher dashboard and start using it.

Configure your application

See OpenAthens SP common


When there will be more than one organisation accessing by this method, such as in a federation, you would usually restrict access by checking the users' scope. See: Attribute based authorisation on Java

  • No labels