The federation metadata publishes two types of access URL for an entity, a generic access URL and a redirector URL. These are both configured in the application section of the publisher dashboard.

Since all OpenAthens federation IdPs are using our centralised service, it is possible to craft a WAYFless URL that uses a generic entityID and receive the same response as you would have got using a specific entityID. This allows a static link to be published that will always log a user into your service.

The generic entityID is: https://idp.eduserv.org.uk/openathens

In a URL this would typically look like:

https://www.yourservicedomain.co.uk/protectedlocation?entityID=https%3A%2F%2Fidp.eduserv.org.uk%2Fopenathens

The publisher dashboard will require you to enter an access URL when you publish an entity in the OpenAthens federation and our service desk will confirm that it works before making an entity live.

Redirector URLs

Redirector URLs are WAYFless URLs with tokens for entityID and target, and an associated list of internet domains that they apply to.

The tokenised URL

This is similar to the generic access URL above, except that the entityID is replaced with a token and it also includes a token for the URL that your login will send the user to after authorisation, e.g.:

https://www.yourservicedomain.co.uk/protectedlocation?entityID={entity}&target={target}

The two tokens are:

  • {entity} for the IdP's entityID
  • {target} for the URL to deliver the user to

The user should be delivered to the target page rather than, for example, your homepage.


The redirector hostname(s)

These identify which internet domains should use the tokenised redirector URL. For example:

  • If all your content is on the same domain, you would enter only that domain.
    • e.g. mydomain.com
  • If your content is on several domains, you would enter all of them.
    • e.g. mydomain.com, alsomydomain.com
  • If your content is only on specific subdomains, you would enter only the relevant subdomains.
    • e.g. content.mydomain.com, othercontent.mydomain.com
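How the tokenised URL and the hostname list fit together, as an added example that is not OpenAthens code: it expands {entity} and {target} for a requested target and refuses any target whose host is not on the list, which is also the check a service can apply before delivering the user to a target. The function names, the subdomain matching rule and the percent-encoding of both values are assumptions of this sketch, and the sample values are constructed from the examples on this page.

```python
from urllib.parse import quote, urlsplit

# Constructed sample values, modelled on the examples on this page.
TOKENISED_URL = ("https://www.yourservicedomain.co.uk/protectedlocation"
                 "?entityID={entity}&target={target}")
REDIRECTOR_HOSTNAMES = ["content.mydomain.com", "othercontent.mydomain.com"]
GENERIC_ENTITY_ID = "https://idp.eduserv.org.uk/openathens"


def host_matches(target_url, hostnames):
    """True if target_url is http(s) and its host is a listed hostname.

    Assumption: a listed name also covers its own subdomains.
    """
    try:
        parts = urlsplit(target_url)
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    # Compare the parsed host, never a substring of the raw URL.
    host = parts.hostname.lower().rstrip(".")
    return any(host == h.lower() or host.endswith("." + h.lower())
               for h in hostnames)


def expand_redirector_url(tokenised_url, entity_id, target_url, hostnames):
    """Fill {entity} and {target}, refusing targets outside the hostname list."""
    if not host_matches(target_url, hostnames):
        raise ValueError("target host is not a configured redirector hostname")
    # Percent-encode both values whole so that '&', '?' or '=' inside the
    # target cannot add or override parameters in the resulting login URL.
    return (tokenised_url
            .replace("{entity}", quote(entity_id, safe=""))
            .replace("{target}", quote(target_url, safe="")))


if __name__ == "__main__":
    print(expand_redirector_url(
        TOKENISED_URL, GENERIC_ENTITY_ID,
        "https://content.mydomain.com/article/42?page=2",
        REDIRECTOR_HOSTNAMES))
```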

What redirector URLs are used for by IdPs

They allow an IdP to use a consistent URL for all resources, varying only the final URL target parameter. This allows them to massively simplify the maintenance of links in their content catalogues, freeing up budget to buy more content. The format also removes the need to use proxy servers for enabled resources because the format can work with link resolvers.

An example link as used by a customer would look like:

https://go.openathens.net/redirector/ourcustomerid?url=https://www.yourservicedomain.com/somecontent.html

Only the url= parameter would change.
