Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The simplest discovery service to use is probably OpenAthens Wayfinder which automatically includes all the identity providers from any federations your entityID is in:

...

This is the default setting for OpenAthens Cloud Keystone and can be activated for OpenAthens SP by specifying https://wayfinder.openathens.net when you select the discovery method on the application > configuration tab. If you are using other SP software, check their documentation for how to specify this as the central discovery / wayf service.

...

There is no excuse for not supporting this with OpenAthens SP and OpenAthens Cloud or Keystone because it works out of the box. You would actually have to do more work to not support it.

For OpenAthens SP, simply passing through an 'entityID' parameter in the URL is enough. OpenAthens Cloud, as Keystone is a shared service , so has an extra step - see: WAYFless access and deep linking in OpenAthens Keystone 

About deep linking

This is almost as important to your customers as WAYFless URLs as it allows them to send students and researchers users to specific pages. The basic idea is that at the end of the authorisation process the user is returned to the page they were trying to access when they started the process.

...

Code Block
languagephp
titleExample PHP code
collapsetrue
<?php
    $target = $_GET['target'];
    $entity = $_GET['entity'];
?>
<?php
    header("Status: 302 Temporary move");
    header("Location: $target?entityID=$entity");
    exit;
?>

OpenAthens Cloud, as Keystone is a shared service , so has an additional step - see: WAYFless access and deep linking in OpenAthens Keystone

Redirector compatibility

Where both deep linking and WAYFLess URLs are supported, a resource becomes compatible with our Redirector. The Redirector provides our mutual customers with a consistent link format that they can use in place of a proxy mask in applications such as link resolvers, e.g:

...

This removes any need for them to use proxy servers to access your site which benefits everyone.