When you are connecting to an application that is not part of a federation, such as a custom SAML resource, you may need to supply that application with your metadata address. Metadata is available for both SAML 2 and the older SAML 1.1 standards. Where there is a choice, SAML 2 is the one to select.


https://login.openathens.net/saml/2/metadata-idp/institution.ac.uk



Sub-organisation metadata

If you have sub-organisations that have different entityIDs you may need to access their metadata - e.g. if setting up a custom SAML resource that they will access. The metadata address is essentially the same but with a /o/NUMBER bit added on the end:

https://login.openathens.net/saml/2/metadata-idp/DOMAIN/o/NUMBER

...where the number at the end is the unique ID shown on their organisation account's permissions tab. If manually specifying endpoints (see below) you would also add the /o/NUMBER part to the end.

Manually specifying connection settings

The metadata address should be sufficient for most SAML targets; however, some may instead want you to specify endpoints, certificates and other data manually. If they do:

Endpoints / SSO address:

You can copy these from the metadata, but they will look like this:

SAML 2: https://login.openathens.net/saml/2/sso/DOMAIN
SAML 1.1: https://login.openathens.net/saml/1/sso/DOMAIN

If unsure, the SAML 2 one is almost always the one to use.

Certificate

This will be the X.509 certificate in the metadata, topped and tailed as follows. This is sometimes called PEM format.

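As an added example (not part of the original page or OpenAthens' own tooling), the following Python builds the metadata address described above, including the /o/NUMBER sub-organisation suffix, and then pulls the SSO endpoints and signing certificate out of a piece of IdP metadata, topping and tailing the certificate into PEM. The metadata document, the entityID, the domain example.ac.uk and the certificate body are all constructed placeholders.

```python
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample IdP metadata; the certificate body is a placeholder, not a real one.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.ac.uk/openathens">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
      MIIBPLACEHOLDERCERTIFICATEBODY0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01==
    </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.openathens.net/saml/2/sso/example.ac.uk"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.openathens.net/saml/2/sso/example.ac.uk"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def metadata_url(domain, org_id=None):
    # Metadata address for an IdP domain, with /o/NUMBER appended for a sub-organisation.
    url = f"https://login.openathens.net/saml/2/metadata-idp/{domain}"
    return f"{url}/o/{org_id}" if org_id is not None else url

def to_pem(b64_body):
    # "Top and tail" a bare base64 certificate into PEM, wrapped at 64 characters per line.
    body = "".join(b64_body.split())
    return "\n".join(["-----BEGIN CERTIFICATE-----", *textwrap.wrap(body, 64),
                      "-----END CERTIFICATE-----"]) + "\n"

def extract_idp_settings(metadata_xml):
    # Pull entityID, SSO endpoints (keyed by binding) and signing certs out of IdP metadata.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {ep.get("Binding"): ep.get("Location") for ep in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' attribute means signing and encryption
            continue
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text and cert.text.strip():
            certs.append(to_pem(cert.text))
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}
```

When pointed at real metadata, prefer the HTTP-Redirect or HTTP-POST SingleSignOnService location the target application asks for, and paste the PEM block returned by to_pem into its certificate field.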