Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The federation metadata publishes two types of access URL for an entity, a generic access URL and a redirector URL. These are both configured in the application section of the publisher dashboard.

Since all OpenAthens federation IdPs are using our centralised service, it is possible to craft a WAYFless URL that uses a generic entityID and receive the same response as you would have got using a specific entityID. This allows a static link to be published that will always log a user into your service.

The generic entityID is - https://idp.eduserv.org.uk/openathens

In a URL this would typically look like

Code Block
https://www.yourservicedomain.co.uk/protectedlocation?entityID=https%3A%2F%2Fidp.eduserv.org.uk%2Fopenathens

The publisher dashboard will require you to enter an access URL when you publish an entity in the OpenAthens federation and our service desk will confirm that it works before making an entity live.

...

When you complete the access URL and redirector fields in the dashboard, there are a couple of things you need to know

Redirector URL fields / tab

Redirector URLs are WAYFless URLs with tokens for entityID and target, and an associated list of internet domains that they apply to.

The tokenised URL

This is similar to the generic access URL above only a WAYFles URL but with the entityID is replaced with a token, and it also includes a with another token for the URL that your login will send the user to after authorisation - e.g:

...

Only the url= parameter would change for them.

Access URL field

Whilst we hope to retire this requirement in the near future, it's still necessary.  What you'll need is our generic entityID (https://idp.eduserv.org.uk/openathens) and a target page. Simply plug those into your redirector URL in place of the tokens (percent encoded is best) and stick that in the field.

In a URL this might look like

Code Block
https://www.yourservicedomain.co.uk/protectedlocation?entityID=https%3A%2F%2Fidp.eduserv.org.uk%2Fopenathens&target=https%3A%2F%2Fwww.yourservicedomain.co.uk%2Fgenericlandingpage

The publisher dashboard will require you to enter an access URL when you publish an entity in the OpenAthens federation and our service desk will confirm that it works before making an entity live.