OpenAthens LA support ended on 31 March 2020


Skip to end of metadata
Go to start of metadata

Questions with short answers:

Browser requirements

It is a good idea to always use the most recent version of any browser. Whilst older versions of browsers will often work, we do not encourage their use.

Can I change my entityID?

This can be done on the configurations > connections settings page, but has significant implications if you are live as all federations and service providers would also need to make updates, and your users would appear to be new people.

Can I use OpenAthens LA in the OpenAthens federation?

Not directly. OpenAthens LA can be used as an authentication provider for OpenAthens MD, however you may find that OpenAthens MD's newer local connectors now make that the better solution for you. See: Connections in the MD documentation.

Can more than one type of authentication method be used at the same time?

Yes... but it would be difficult. Whilst you can set up several authentication stores in the administration console, only one can be used per runtime. You would need to use additional runtimes with separate configurations, and add a method to the authentication point to transfer to the relevant runtime.

Can the runtime and administration servers be installed on the same machine?

Yes... but you would rarely want to do so. The runtime server has to be internet facing to allow users to log into resources from outside of your network, but the administration console should only be accessible to trusted people within your network. If you are short of server space, you can install the administration console on a desktop machine as a workaround.

How do I change my organisation display name?

This can be done on the configurations > connections settings page.

How do users log out?

The logout function is at /oala/logout - e.g.

How much RAM can I add to a 32bit image?

Our images ship with PAE enabled which means they can support more than the usual 2GB limit. The recommended maximum is 16GB.

There is no 64bit version available.

I've been told that X or Y component is not the latest version

As long as you are regularly updating, this is usually nothing to worry about. As long as the components in question are within vendor support, they will receive all relevant security patches (often called 'backports'). Our pre-built images run on CentOS 6 which is supported by CentOS until 2020.

What are the security implications of using Referral URL or Form GET with proxy resources?

Unlike some proxy software, the OpenAthens LA proxy module will not pass the referral URL and username/password from the proxy server to the remote site. This means that even if the end user has installed software to monitor the web traffic, they will not be able to retrieve the login credentials (e.g. from page headers).

For any resources that use shared credentials, you should ensure that the access credentials cannot be modified without further authorisation before setting up access this way.

Which ports need to be open

See the server considerations page in the administration console installation section or runtime installation section:

Why do some users get a message about disabled cookies when they access proxied resources?

It's unlikely but not impossible that they have disabled cookies entirely, but more likely that they are using Internet Explorer and have set the privacy settings higher than medium - they can either set it to medium, or add the domain of your LA login to their trusted sites.


  • No labels