As with any configuration change, OpenAthens SP will need a webserver restart to pick up and start using the new settings.

If you are in any federations other than the OpenAthens federation, they will have to update your metadata to include valid discovery return URLs before discovery will work, e.g.:

<idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://yourdomain.com/oa/disco-ret" index="1"/>

See also: Discovery

Shibboleth

You will need to do three things:

Add a discovery response binding to your metadata in the <Extensions> section, e.g.:

<Extensions>
   ...
   <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://shibsp.yourdomain.com/Shibboleth.sso/DS" index="1"/>
   ...
</Extensions>

... and then add the discovery service to your shibboleth.xml configuration file in the SSO section in place of any singular IdP definition:

 <SSO
     discoveryProtocol="SAMLDS" discoveryURL="https://discovery.openathens.net">
     SAML2 SAML1
 </SSO>

Finally, you will need to add your discovery return endpoint to the metadata of every federation you are active in. You will usually have to tell them.

If you are in the OpenAthens federation you will need to add the discovery return URL to your SAML endpoints via the SP dashboard:

  • Once you are logged in at sp.openathens.net, select your application
  • Go to the SAML endpoints tab and click the add endpoint button
  • Select discovery return URL, enter the value and click done
  • Click Save changes
  • It will take up to 15 minutes for the change to take effect
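
The following added example (not part of the original page, and not OpenAthens or Shibboleth tooling) checks that a copy of your SP metadata, as published by a federation, carries the discovery return URL with the discovery-protocol Binding, an https Location on your own host and a numeric index. The function names, the sample metadata and its entityID are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DISCO = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"

# Constructed sample metadata (entityID is made up); the second endpoint is deliberately wrong.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:disco="{DISCO}"
    entityID="https://shibsp.yourdomain.com/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <disco:DiscoveryResponse Binding="{DISCO}"
          Location="https://shibsp.yourdomain.com/Shibboleth.sso/DS" index="1"/>
      <disco:DiscoveryResponse Binding="{DISCO}"
          Location="http://shibsp.yourdomain.com/Shibboleth.sso/DS" index="2"/>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_discovery_endpoints(metadata_xml, expected_host):
    """Return {Location: [problems]} for every DiscoveryResponse in SP metadata."""
    root = ET.fromstring(metadata_xml)
    path = f".//{{{MD}}}SPSSODescriptor/{{{MD}}}Extensions/{{{DISCO}}}DiscoveryResponse"
    report = {}
    for ep in root.iterfind(path):
        loc = ep.get("Location", "")
        url = urlsplit(loc)
        problems = []
        if ep.get("Binding") != DISCO:
            problems.append("wrong Binding")
        if url.scheme != "https":
            problems.append("not https")
        if url.hostname != expected_host:
            problems.append("host mismatch")
        if not (ep.get("index") or "").isdigit():
            problems.append("missing or non-numeric index")
        report[loc] = problems
    return report


def has_valid_return_url(metadata_xml, return_url, expected_host):
    """True only if return_url is published in the metadata and passes every check."""
    report = check_discovery_endpoints(metadata_xml, expected_host)
    return report.get(return_url) == []
```

Run it against the metadata each federation actually publishes for your entity, not only your local copy, since it is the published copy that has to contain the return URL.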

SimpleSAMLphp

Set the options in authentication.php:

  • 'discoURL'  => 'https://discovery.openathens.net' 
  • 'idp' => null

Anything to watch out for?

If your service is already live, any federations you are a member of will have to update your metadata to include valid discovery return URLs before discovery will work. For OpenAthens SP, for example, it will need to contain something like this:

...
