Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


connectionIDyesUnique identifier for the local authentication system connection.

A unique identifier for the end-user account in the local authentication system. This must be unique to each end-user, persistent between logins, and  should ideally be pseudonymous and unique to the user for all time.

displayNameyesA human-readable display name for the account holder. Appears in account lists and the audit trail.
returnUrlyesA URL in your application that the user will be returned to after the OpenAthens session initiator URL is visited.
attributesonly when marked as required in attribute mappings in UIA set of additional attributes for the account holder. This may contain permission sets if mapped via the UI.


When the user is then passed back to your application via the returnUrl, it will contain an additional status parameter to indicate whether the request was successful. The location specified by the return URL should be set up to expect this parameter and it may optionally be used by the calling application to take action depending on whether the operation was successful or otherwise. In fact, aside from token expiry, there are almost no reasons why a failure of the session initiator would occur .

SuccessThe OpenAthens session was established successfully.
TokenExpiredThe session initiator token in the request has expired (tokens are valid for 60 seconds after they are issued).
SessionFailureThe OpenAthens system was unable to establish the session (non-specfic error).