...

  • You will need domain / owner level access to the OpenAthens admin area
  • If you use restrictive mode you will need to add this resource to the permission set(s) used by the users you have authorised on the service - you may prefer to create one specifically for those few users and this resource.
  • You will need to be able to release some attributes that you would not usually release, such as an email address, so relevant users must have data in those fields 
  • You have registered for the certificate service via: https://www.jisc.ac.uk/certificate-service

Required attributes

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (eduPersonPrincipalName)
  • urn:oid:0.9.2342.19200300.100.1.3 (email address)

...

  1. Go to Preferences > Attribute release
  2. Click the 'Add a resource policy' button and search for "Sectigo Certificate Manager"
  3. Click on the attributes you want to release - the ones representing emailAddress and EPPN, and optionally First name and Last name
  4. Unless you have created them in the schema editor with the required attribute names, you will need to click on advanced and go to the attribute aliases section to release them with the expected names:
    1. In the left hand box select the original target name (e.g. emailAddress)
    2. In the right hand box enter the desired target name from the list of required and optional attributes above (e.g. urn:oid:0.9.2342.19200300.100.1.3)
  5. When you've set them all up click on Done and then Save at the top of the page

...

  • I mapped an attribute but it's not releasable
    • Either you have not set the schema attribute as releasable in the schema editor or you have not correctly mapped your local attribute to the schema attribute. 
      • The schema attribute must exist before you set up the mapping
      • Attribute names are case sensitive
  • I get a denied message from the certificate manager or test page
    • Unless it says you are not registered with them yet, it will be to do with not releasing the required attributes
      • Check that the account has values against the relevant fields
      • Check that the release policy (advanced section) is releasing all the attributes (you must release them as well as adding relevant aliases)
      • Check the attribute aliases for typos
  • I get a denied message from OpenAthens
    • You probably have restrictive mode enabled and have not added the "Sectigo Certificate Manager" to any permission set used by the account
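
A check for the denied-message cases above, as an added example (not OpenAthens or Sectigo code): it reads an attribute statement captured from your own test login and reports, for each required name, whether it was released, released empty, or released under a name that differs only by case. It assumes the attributes arrive as SAML 2.0 `Attribute` elements; the function names and sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Required names as listed on this page; matching is case sensitive.
REQUIRED = (
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",   # eduPersonPrincipalName
    "urn:oid:0.9.2342.19200300.100.1.3",  # email address
)

def build_statement(attrs):
    """Build a constructed AttributeStatement from {name: value} (hypothetical helper)."""
    stmt = ET.Element(f"{{{NS}}}AttributeStatement")
    for name, value in attrs.items():
        attr = ET.SubElement(stmt, f"{{{NS}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{NS}}}AttributeValue").text = value
    return ET.tostring(stmt, encoding="unicode")

def check_release(statement_xml):
    """Return (status per required name, other released names)."""
    # Only parse XML you captured yourself; use a hardened parser otherwise.
    root = ET.fromstring(statement_xml)
    released = {}
    for attr in root.iter(f"{{{NS}}}Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(f"{{{NS}}}AttributeValue")]
        released[attr.get("Name", "")] = any(values)
    status = {}
    for name in REQUIRED:
        if name in released:
            status[name] = "ok" if released[name] else "released but empty"
        elif name.lower() in (n.lower() for n in released):
            status[name] = "wrong case in alias"
        else:
            status[name] = "not released"
    # Names outside the required set: optional attributes or missing aliases.
    others = sorted(n for n in released if n not in REQUIRED)
    return status, others

# Constructed sample: EPPN aliased correctly, email released under its
# local name because no alias was added.
SAMPLE = build_statement({
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "jsmith@example.ac.uk",
    "emailAddress": "j.smith@example.ac.uk",
})

if __name__ == "__main__":
    status, others = check_release(SAMPLE)
    for name, state in status.items():
        print(f"{name}: {state}")
    print("other released names:", others)
```

A local name such as emailAddress appearing under "other released names" while its urn:oid name shows "not released" points to a missing alias.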

...