In most cases your SAML SP software will work with the SAMLDS protocol that the OpenAthens discovery service expects and it is just a case of configuring it.

OpenAthens SP or OpenAthens Cloud SP

For both OpenAthens SP and OpenAthens Cloud SP, the procedure is essentially the same.

  1. Sign in to the publisher dashboard (https://sp.openathens.net)

  2. Select the application in question and go to its configuration tab

  3. Scroll to the discovery method section and select the radio button for the central discovery service

  4. If it doesn't already say so in the box, enter https://discovery.openathens.net

  5. Save changes

OpenAthens Cloud SP will start to use the discovery service immediately.

OpenAthens SP, as with any configuration change, will need a webserver restart to pick up and start using the new settings.

See also: Discovery

Shibboleth

You will need to do two things:

Add a discovery response binding to your metadata in the <Extensions> section, e.g.:

<Extensions>
   ...
   <disco:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://shibsp.yourdomain.com/Shibboleth.sso/DS" index="1"/>
   ...
</Extensions>

... and add the discovery service to your shibboleth.xml configuration file in the SSO section in place of any singular IdP definition:

 <SSO
     discoveryProtocol="SAMLDS" discoveryURL="https://discovery.openathens.net">
     SAML2 SAML1
 </SSO>

SimpleSAML.php

Set the options in authentication.php:


Anything to watch out for?

If your service is already live: any federations you are a member of will have to update your metadata to include valid discovery return URLs before discovery will work, e.g. for OpenAthens SP it will need to contain something like:

<idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://yourdomain.com/oa/disco-ret" index="1"/>


<idpdisc:DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="{replace with applicationUrl}/oa/disco-ret" index="1"/>
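
A pre-flight check for the metadata requirement above, as an added example (not OpenAthens or Shibboleth code): it parses SP metadata, reports whether a DiscoveryResponse with the discovery-protocol binding is registered, and tests whether a given return URL matches a registered Location. The sample metadata and entityID are constructed; the https-only rule and the exact match with the query string ignored are assumptions of this example, not documented OpenAthens behaviour.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# The DiscoveryResponse element namespace and its Binding value are the same URN.
DISCO_NS = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"

# Constructed sample metadata; entityID and host are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:idpdisc="{DISCO_NS}"
    entityID="https://yourdomain.com/oa/entity">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse Binding="{DISCO_NS}"
          Location="https://yourdomain.com/oa/disco-ret" index="1"/>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def discovery_return_urls(metadata_xml):
    """Return (valid Locations, problems) for the SP's DiscoveryResponse elements."""
    root = ET.fromstring(metadata_xml)
    path = (f".//{{{MD_NS}}}SPSSODescriptor/{{{MD_NS}}}Extensions/"
            f"{{{DISCO_NS}}}DiscoveryResponse")
    valid, problems = [], []
    for el in root.findall(path):
        loc = el.get("Location", "")
        parts = urlsplit(loc)
        if el.get("Binding") != DISCO_NS:
            problems.append(f"{loc!r}: wrong Binding {el.get('Binding')!r}")
        elif parts.scheme != "https" or not parts.netloc:
            # Assumption of this example: only absolute https return URLs are accepted.
            problems.append(f"{loc!r}: Location must be an absolute https URL")
        elif not (el.get("index") or "").isdigit():
            problems.append(f"{loc!r}: missing or non-numeric index")
        else:
            valid.append(loc)
    if not valid and not problems:
        problems.append("no DiscoveryResponse in SPSSODescriptor/Extensions")
    return valid, problems


def return_url_registered(metadata_xml, return_url):
    """True if return_url, with query and fragment dropped, is a registered Location."""
    valid, _ = discovery_return_urls(metadata_xml)
    base = urlsplit(return_url)._replace(query="", fragment="").geturl()
    return base in valid
```

Run it against the metadata a federation actually publishes for your entity, not only your local copy, since the published version is what a discovery service would consult.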