When you trigger approval for your application to appear in front of customers in the OpenAthens federation our service desk will run some tests. These will vary depending on how your resource works and will usually include areas not mentioned here - the goal is not just to tick some boxes, but to make sure that our mutual customers get the best experience from us both.
Testing will look at things such as:
- Login flow - e.g:
- is it clear whether or not the user is logged in?
- is it clear whether a login has failed?
- where unauthenticated users can find pages before logging in, does the login return the user to the page they were trying to access?
- How authorisation is handled - e.g:
- authorising on scope (one entityID can have many scopes)
- not authorising on entityID
- WAYFless access function - e.g:
- uses federation entityIDs
- are there differences between federations?
- Is a deep link function (article level linking) available?
- Redirector configuration (enables link resolvers to work without proxy servers)
- Logout function - e.g:
- is it clear whether or not the user is logged out?
- if an option to sign out of the IdP is available it is optional rather than forced
- Names, descriptions and logos appear production ready - e.g:
- fields do not say things like 'ask marketing about this bit later'
If all is well they will hit the approve button and let you know. They will also be in touch if their tests raise any questions.
Once approved, your application will appear in the federation metadata when it next refreshes (it does do 4 times per day, so it could be up to 6 hours before you see the change).
Remember to set them up with access beforehand.