Search

Skip to end of metadata
Go to start of metadata

When you are connecting to an application that is not part of a federation, e.g. a custom SAML resource such as a VLE, you may need to supply that application with your metadata address. Metadata is available for both SAML 2 and the older SAML 1.1. Where there is a choice, SAML 2 is the one to use.

You will need to know your OpenAthens domain name. This is usually the same as the scope registered against your domain organisation as seen on the organisation summary. If using that does not work, contact our service desk and they'll help you out.

Metadata address:

https://login.openathens.net/saml/2/metadata-idp/DOMAIN

E.g. if your OpenAthens domain is institution.ac.uk, your metadata address will be:

https://login.openathens.net/saml/2/metadata-idp/institution.ac.uk


If you have sub-organisations that have different entityIDs (which is incredibly rare) you may need to access their metadata - e.g. if setting up a custom SAML resource that only they will access. The metadata address is essentially the same but with a /o/NUMBER bit added on the end:

https://login.openathens.net/saml/2/metadata-idp/DOMAIN/o/NUMBER 

...where the number at the end is the unique ID shown on their organisation account's permissions tab. If manually specifying endpoints (see below) you would also add the /o/NUMBER part to the end.

Manually specifying connection settings

The metadata address should be sufficient for most things that use SAML since all the information is there, however some may instead want you to specify things manually instead. If they do:

Endpoints / SSO address:

You can copy these from the metadata, but they will look like this:

https://login.openathens.net/saml/2/sso/DOMAIN

Certificate

This will be the x509 certificate in the metadata, topped and tailed as follows. This is sometimes called PEM format.

-----BEGIN CERTIFICATE-----
Mi7cUUpCAqagAwIBAgIEVOxCIjANBgkqhkiG9w0BAQsFADCBoDEoMCYGCSqGSIb3DQEJARYZYXRo
ZA5zaGVscEBlZHVzZXJ2Lm9yZy51azELMAkGA1UEBhMCR0IxETAPBgNVBAgMCFNvbWVyc2V0MQ0w
CwYDVQQHDARCYXRoMRAwDgYDVQQKDAdFZHVzZXJ2MRMwEQYDVQQLDApPcGVuQXRoZW5zMR4wHAYD
VQQTDDBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwHhcNMTUwMjI0MDkyMDA2WhcNMjUwMjI0MDkyMD2 
WjCBHoDEoMCYGCSqGSIb3DQEJARYZYXRoZW5zaGVscEBlZHVzZXJ2Lm9yZy51azELMAkGA1UEBMC
R0IxEETAPBgNVBAgMCFNvbWVyc2V0MQ0wCwYDVQQHDARCYXRoMRAwDgYDVQQKDAdFZHVzZXJ2RMw 
EQYDVQFQLDApPcGVuaXRoZW5zMR4wHAYDVQQDDBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwggEMA0G 
CSqGSIbO3DQEBAQUAn4IBDwAwggEKAoIBAQCandpa4o0Njtw1DqbrrNTfOVe1PqyXIIVmDr6VUR/ 
mokXXu+mR5Gm+1f+3ayN5IA2YMn9Z8Yo37JQjIHs+xVS3q4nT1ewS7S3en1pdXKsH1WnUnWUmpl9 
WJZrUwi5iC8X80LNyd7PmudhuKNEATGUXkA/xWCkk2d8jf91hy7Qu+HA8LOKtdbbNigEr2IY/YuN 
WUVUqgGbMHE5BGr7ZahPrz+Vwcf9lhPW+tKpKpZEzJfQiq8EoPaeMXEpKWBEErm67gkWCA5VhfcJ 
LqFjQEC3pWOBxt5rZRS8gl/Z33VSJZVzY5jWcQzmGaLXPHXyiKPmixl6+DjGlUM0ylN7GvtDAgMB 
AAEwDQYJKoZIEhvcNuQELBQADggEBAFhmhujLZueiJ6F7mQCpfB0Hj4Y8FyFUUc8NMt5Set7H4DK 
SSl4shcqisZBaW5yTlyenYwkmBszvCWs6Yeep+zJmCR62cb/f1M32oMzLm02OlznWkE8/IajGmdx 
TnB6Z/XcdMMIiCIeoe4kqe5KMd5oRAyNskHYZ+8kzhs2zTveR+rqCtYxa/AYpwf70VQR9clBSNCI 
T4BCRi10aPE531VTIsl4ljY3CwNoZ4lQTU/0aj8O4j68V2neiQb8lewAii0b2xoOGYP4okd7T2tl 
4gl2noVbCvYNjd6GHYOU4lgwiemkby7wu5sN1lEudgKDV+H54wU29ZIyDEFM6DDNE4=
-----END CERTIFICATE-----
Issuer / IDP issuer / identifier / entityID

Your entityID, e.g. https://idp.institution.ac.uk/openathens

Binding / Binding type / IDP Binding

Where there is a choice, select 'Redirect' rather than 'Post'.


  • No labels