Select from the applications list to edit an application. Local and external applications have slightly different options.
The first two tabs appear for both types:
When you are ready to go live in the OpenAthens federation you can set this to live. It always appears for external applications, but will not appear for local applications until the OpenAthens federation is added to the connection.
What will happen then is...
A description of your product or service. It appears below the application name when seen by customers. See also:
These must be a jpg, png or gif of at least 128 x 128px. Ideally square with a transparent background.
Only used by the Wayfinder discovery service. These must be a jpg, png or gif of at least 400 x 50px. Ideally with a transparent background.
This is not required, but if you want to, you can add a link to a description or sales page where potential subscribers can find out how to purchase access.
The general access URL will be retired in the future but at the moment it is still necessary.
Your customers will expect you to support WAYFless access and the easiest way to create a general access URL is to use your WAYFless URL format and set
https://idp.eduserv.org.uk/openathens as the entityID e.g: https://sp.yourdomain.com/landingpage?entityID= .
OpenAthens Keystone supports WAYFless access with little or no configuration, but if you have used something else you might have implemented it in a way that does not support this kind of access. In such cases it is acceptable to enter a general landing page as the access URL so long as the user can gain access from there; however, your customers will prefer you to support WAYFless access.
This is all about the OpenAthens Redirector. If you support both WAYFless access and deep linking (article level linking) then you are redirector compatible. The redirector provides our mutual customers with a consistent link format that they can use in place of a proxy mask in applications such as link resolvers, and removes any need for them to use proxy servers to access your site.
What you enter here are tokenised access URLs and the internet domains that use them - e.g.
Any target addresses using the listed domains will use the tokenised URL for access. There are two tokens:
If you have any difficulty with these, our service desk will be happy to help.
There is no facility to insert non-federation identifiers for customers.
This will list the endpoints specified in your metadata and provide an option to edit or remove them using the () control. You can also add more SAML endpoints should you need to (e.g. for development boxes or load balanced services). If necessary you can manually set the index value. Changes can take up to 6 hours to be reflected in the federation metadata.
Local applications have a similar option on their connection.
This will display the metadata as it will appear in the federation once published.
This is the ID used to configure your OpenID Connect instance when you add OpenAthens as a provider.
This is the secret used to secure your OpenID Connect instance when you add OpenAthens as a provider.
The root of your application without a trailing slash, e.g: https://login.yourdomain.com
This is where your OpenID Connect instance expects us to return the user after authentication, e.g: https://login.yourdomain.com/oidc/redirect
This is the link that would initiate a user login in your OIDC application - i.e. the OIDC handler that is invoked when you hit the login button. It is required to support WAYFless access.
Keystone supports the sharing of connections so that multiple apps can use the same SAML connection in a federation.
Entity categories allow you to restrict the entities that appear in supported discovery services such as OpenAthens Wayfinder. If set, only entities that have matching categories in their metadata will appear. At the moment you would almost certainly leave this blank.
OpenAthens Wayfinder is the default and recommended organisation discovery option.
Authorised domains: these are only used if you add the Wayfinder embed script to your site. You can leave them blank otherwise. See Embedding OpenAthens Wayfinder for details on how to configure your site to use embedded Wayfinder.
Enter the URL of your chosen discovery service. It must support the SAMLDS protocol.
Specify a single entityID to use for all logins. Ideal for single site applications such as VLEs and during testing.
Internal applications have a getting started link that shows the basic implementation steps. It is the same information that was displayed when you created the application records and is available in several flavours.