Like most SAML SPs, OpenAthens SP and OpenAthens Keystone can also interact with SAML identity providers outside of a federation context. With OpenAthens this is done by adding the identity provider's metadata to what is effectively a mini federation that we create specifically for your connections. To do this:
- In the publisher dashboard select your connection
- Scroll down to the identity providers section
- Click on the additional identity providers link
- Add a new one via the green button at the top; you can link to or upload their metadata. To view or update the metadata of an existing entry, use the ellipsis menu next to it
- Affirm that the certificate is OK
- Back on the connections page: if it is not already set, toggle the switch on the additional identity providers line to 'Allow'
- Save the changes to the connection
That identity provider will then become available to all of your connections and the applications that use them.
Your addition will not cause that IdP to become available for any other publishers.
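Before affirming the certificate in the steps above, it helps to compare the signing certificate in the metadata file with a fingerprint the identity provider's operator has given you through a separate channel. The following is an added example, not OpenAthens code: the function names, the entityID and the sample metadata are constructed for illustration, and the placeholder bytes stand in for a real DER certificate.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/entity">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>
        {SAMPLE_B64[:20]}
        {SAMPLE_B64[20:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>AAAA</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()


def signing_fingerprints(metadata: bytes) -> dict:
    """Map entityID -> SHA-256 fingerprints of its IdP signing certificates."""
    if b"<!DOCTYPE" in metadata or b"<!ENTITY" in metadata:
        raise ValueError("refusing metadata that carries a DTD")
    root = ET.fromstring(metadata)
    result = {}
    # iter() also yields the root, so a bare EntityDescriptor and an aggregate both work.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        prints = []
        for key in entity.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
            if key.get("use", "signing") != "signing":  # no 'use' means both purposes
                continue
            for cert in key.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
        result[entity.get("entityID")] = prints
    return result


def matches(metadata: bytes, entity_id: str, expected: str) -> bool:
    """Compare with a fingerprint obtained out of band (colons and case ignored)."""
    want = expected.replace(":", "").strip().lower()
    return want in signing_fingerprints(metadata).get(entity_id, [])
```

A `False` result from `matches` means the file does not contain the signing certificate the operator described, which is worth resolving with them before the metadata is uploaded.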
Anything to watch out for?
It can take up to six hours for the changes to propagate to the point where the SP instance can become aware of them. From that point:
- OpenAthens Keystone is done.
- OpenAthens Wayfinder will need up to 5 minutes more.
- OpenAthens SP will pick up the changes the next time it refreshes metadata (once per day unless you restart the webserver).