...

The first thing to do is check whether you have the UK fed enabled in OpenAthens, and have our service desk enable it if not. To check: access the administration area and go to Management > Connections. Look for the entry in the federations section in the top left and keep the page open; you will need to reference these details later.


If there is no existing registration, our service desk can quickly add one. Your 'scope' will be the same across all federations, but your entityID can be different in the UK fed if you need it to match an existing entity, e.g. if you were upgrading from Shibboleth. If you do not specify an entityID, our service desk will duplicate your OpenAthens federation entityID (recommended).

...

Their website should be your source of details for the process:

  1. https://ukfederation.org.uk/content/Documents/ApplyforMembership
  2. https://ukfederation.org.uk/content/Documents/OutsourcedIdP

The relevant bits of information about us that you will need to tell them about your 'outsourced IdP' are below. This may be all you need if you are already a member.

...

Use the entityID displayed in your administration area for the UK fed as described above. E.g. https://idp.yourdomain.net/entity

If the domain name contained within the entityID belongs to the applicant rather than to the external organisation, an explicit statement by the applicant approving the use of the entityID by the external organisation.

...

If you are a single organisation, use the scope displayed in your administration area for the UK fed as described above. E.g. "yourdomain.net"

If you are a consortia organisation, or have organisational units that will need to be identified as discrete to service providers, or may have those later, ... or if you are unsure, add a wildcard to your scope. E.g. "*.yourdomain.net"
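The following is an added example, not OpenAthens or UK federation code, sketching the kind of scope check a service provider applies, to show why organisational units need the wildcard form. It assumes scoped values of the form value@scope, assumes that "*.yourdomain.net" covers sub-scopes only and not the bare scope, and uses hypothetical unit names.

```python
# Added example: which scoped values a registered scope would cover.
# Assumption: "*.yourdomain.net" covers sub-scopes only, not "yourdomain.net".

def scope_covers(registered: str, asserted: str) -> bool:
    """True if the asserted scope falls within the registered scope."""
    registered = registered.strip().lower().rstrip(".")
    asserted = asserted.strip().lower().rstrip(".")
    if not asserted or ".." in asserted or asserted.startswith("."):
        return False
    if registered.startswith("*."):
        base = registered[2:]
        # Match on a label boundary so "notyourdomain.net" is not accepted.
        return bool(base) and asserted.endswith("." + base)
    return asserted == registered


def check_scoped_values(registered_scopes, scoped_values):
    """Split scoped attribute values (value@scope) into accepted and rejected."""
    accepted, rejected = [], []
    for item in scoped_values:
        value, sep, scope = item.rpartition("@")
        ok = bool(value and sep) and any(
            scope_covers(r, scope) for r in registered_scopes)
        (accepted if ok else rejected).append(item)
    return accepted, rejected


# Constructed sample values; the unit name "library" is hypothetical.
SAMPLE_VALUES = [
    "member@yourdomain.net",
    "staff@library.yourdomain.net",
    "member@notyourdomain.net",            # look-alike suffix, must be rejected
    "member@yourdomain.net.example.org",   # scope embedded in another domain
]

if __name__ == "__main__":
    for scopes in (["yourdomain.net"], ["*.yourdomain.net"],
                   ["yourdomain.net", "*.yourdomain.net"]):
        ok, bad = check_scoped_values(scopes, SAMPLE_VALUES)
        print(scopes, "accepted:", ok, "rejected:", bad)
```

With only the plain scope registered, the value for the organisational unit is rejected; the look-alike domains are rejected in every case.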

Anything else?

They do not ask for this, but it would be helpful to include your metadata address, which for them will be https://login.openathens.net/saml/2/metadata-idp/DOMAIN/c/ukfed where 'DOMAIN' is your OpenAthens domain (usually the same as your basic scope). If you are unsure, our service desk can help. This is slightly different from the metadata address you would use for a custom SAML application.

...