Before making your service live for our mutual customers and publishing it to the federation, our service desk runs some checks. To do so, our identifiers will need to get past your authorisation checks.
- If your resource clearly shows whether or not a user is logged in - e.g. the login link disappears - then our service desk will only need sufficient access to get past the OpenAthens authentication rather than access any restricted content.
- You should enable access for only the following scopes, which are associated with the entityID
- If your resource does not clearly show whether a user is logged in or not, then we will also need sufficient access to at least one restricted page so that we are able to tell the difference.
You can remove this authorisation once you are live.
For external applications such as Shibboleth we will need to make our accounts aware of your metadata before we can test. Our service desk will capture what they need from your application record.
If you have added the OpenAthens federation metadata, remove it. You can leave any other federation metadata in place, but during testing the only OpenAthens metadata to enable is our test IdP: https://login.openathens.net/saml/2/metadata-idp/sd.openathens.net