OpenAthens Identity
Expand all   Collapse all

Versions Compared

Old Version 10

changes.mady.by.user Andy Anderson

Saved on

compared with

New Version Current

changes.mady.by.user Andy Anderson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When you are connecting to an application that is not part of a federation, such as e.g. a custom SAML resource such as a VLE, you may need to supply that application with your metadata address. Metadata is available for both SAML 2 and the older SAML 1.1 standards. Where there is a choice, SAML 2 is the one to selectuse.

You will need to know your OpenAthens domain name. This is usually the same as the scope registered against your domain organisation as seen on the organisation summary. If using that does not work, contact our service desk and they'll help you out.

Metadata address:

https://login.openathens.net/saml/2/metadata-idp/DOMAIN

...

Expand
titleSub-organisation metadata

If you have sub-organisations that have different entityIDs (which is incredibly rare) you may need to access their metadata - e.g. if setting up a custom SAML resource that only they will access. The metadata address is essentially the same but with a /o/NUMBER bit added on the end:

https://login.openathens.net/saml/2/metadata-idp/DOMAIN/o/NUMBER 

...where the number at the end is the unique ID shown on their organisation account's permissions tab. If manually specifying endpoints (see below) you would also add the /o/NUMBER part to the end.

...

The metadata address should be sufficient for most SAML targetsthings that use SAML since all the information is there, however some may instead want you to specify endpoints, certificates and other data things manually instead. If they do:

...

You can copy these from the metadata, but they will look like this:

...

https://login.openathens.net/saml/2/sso/DOMAIN

...

...

If unsure, the SAML 2 one is almost always the one to use. 

Certificate

This will be the x509 certificate in the metadata, topped and tailed as follows. This is sometimes called PEM format.

Code Block
-----BEGIN CERTIFICATE-----
Hi7cUUpCAqagAwIBAgIEVOxCIjANBgkqhkiG9w0BAQsFADCBoDEoMCYGCSqGSIb3DQEJARYZYXRoMi7cUUpCAqagAwIBAgIEVOxCIjANBgkqhkiG9w0BAQsFADCBoDEoMCYGCSqGSIb3DQEJARYZYXRo
ZW5zaGVscEBlZHVzZXJ2Lm9yZy51azELMAkGA1UEBhMCR0IxETAPBgNVBAgMCFNvbWVyc2V0MQ0wZA5zaGVscEBlZHVzZXJ2Lm9yZy51azELMAkGA1UEBhMCR0IxETAPBgNVBAgMCFNvbWVyc2V0MQ0w
CwYDVQQHDARCYXRoMRAwDgYDVQQKDAdFZHVzZXJ2MRMwEQYDVQQLDApPcGVuQXRoZW5zMR4wHAYD
VQQDDBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwHhcNMTUwMjI0MDkyMDA2WhcNMjUwMjI0MDkyMDA2VQQTDDBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwHhcNMTUwMjI0MDkyMDA2WhcNMjUwMjI0MDkyMD2 
WjCBoDEoMCYGCSqGSIb3DQEJARYZYXRoZW5zaGVscEBlZHVzZXJ2Lm9yZy51azELMAkGA1UEBhMCWjCBHoDEoMCYGCSqGSIb3DQEJARYZYXRoZW5zaGVscEBlZHVzZXJ2Lm9yZy51azELMAkGA1UEBMC
R0IxETAPBgNVBAgMCFNvbWVyc2V0MQ0wCwYDVQQHDARCYXRoMRAwDgYDVQQKDAdFZHVzZXJ2MRMwR0IxEETAPBgNVBAgMCFNvbWVyc2V0MQ0wCwYDVQQHDARCYXRoMRAwDgYDVQQKDAdFZHVzZXJ2RMw 
EQYDVQQLDApPcGVuaXRoZW5zMR4wHAYDVQQDDBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwggEiMA0GEQYDVQFQLDApPcGVuaXRoZW5zMR4wHAYDVQQDDBVnYXRld2F5LmF0aGVuc2Ftcy5uZXQwggEMA0G 
CSqGSIb3DQEBAQUAn4IBDwAwggEKAoIBAQCandpa4o0Njtw1DqbrrNTfOVe1PqyXIIVmDrJ6VURCSqGSIbO3DQEBAQUAn4IBDwAwggEKAoIBAQCandpa4o0Njtw1DqbrrNTfOVe1PqyXIIVmDr6VUR/ 
mokXXu+m5GmmR5Gm+1f+3ayN5IA2YMn9Z8Yo37JQjIHs+xVS3q4nT1ewS7S3en1pdXKsH1WnUnVWUmpl9xVS3q4nT1ewS7S3en1pdXKsH1WnUnWUmpl9 
WJZrUwi5i8X80LNyd7PmudhuKNEATGUXkAWJZrUwi5iC8X80LNyd7PmudhuKNEATGUXkA/xWCkk2d8jf91hy7Qu+HA8LOKtdbbNigErh2IYHA8LOKtdbbNigEr2IY/YuN 
WUVUqgGbMH5BGr7ZahPrzWUVUqgGbMHE5BGr7ZahPrz+Vwcf9lhPW+tKpKpZEzJfQiq8EoPaeMXEpKWBEErm67gkWFCA5VhfcJtKpKpZEzJfQiq8EoPaeMXEpKWBEErm67gkWCA5VhfcJ 
LqFjQEC3pWOxt5rZRS8glLqFjQEC3pWOBxt5rZRS8gl/Z33VSJZVzY5jWcQzmGaLXPHXyiKPmixl6+DjGlUM0ylNF7GvtDAgMBDjGlUM0ylN7GvtDAgMB 
AAEwDQYJKoZIhvcNuQELBQADggEBAFhmhujLZueiJ6F7mQCpfB0Hj4Y8FyFUUc8NMAt5Set7H4DKAAEwDQYJKoZIEhvcNuQELBQADggEBAFhmhujLZueiJ6F7mQCpfB0Hj4Y8FyFUUc8NMt5Set7H4DK 
SSl4shcqisZBa5yTlyenYwkmBszvCWs6YeepSSl4shcqisZBaW5yTlyenYwkmBszvCWs6Yeep+zJmCR62cb/f1M32oMzLm02OlznWMkE8f1M32oMzLm02OlznWkE8/IajGmdx 
TnB6Z/XcdMMIiCeoe4kqe5KMd5oRAyNskHYZXcdMMIiCIeoe4kqe5KMd5oRAyNskHYZ+8kzhs2zTveR+rqCtYxa/AYpwf7n0VQR9clBSNCIAYpwf70VQR9clBSNCI 
T4BCRi10aPE531VIsl4ljY3CwNoZ4lQTUT4BCRi10aPE531VTIsl4ljY3CwNoZ4lQTU/0aj8O4j68V2neiQb8lewAii0b2xoyOGYP4okd7T2tl0aj8O4j68V2neiQb8lewAii0b2xoOGYP4okd7T2tl 
4gl2noVbCvYNjd6GYze/w4lgwiemkby7wu5sN1lEudgKDV4gl2noVbCvYNjd6GHYOU4lgwiemkby7wu5sN1lEudgKDV+H54wU29ZIyDEFM6DDNE4=
-----END CERTIFICATE-----
Issuer / IDP issuer / identifier / entityID

Your entityID, e.g. https://idp.institution.ac.uk/openathens

Binding / Binding type / IDP Binding

This should be Where there is a choice, select 'Redirect' rather than 'Post'.

...