Skip to main content
Skip table of contents

Using your own discovery service with OpenAthens Keystone

Whilst our Wayfinder service is recommended you may prefer to write your own organisation discovery service. If you do, you'll need to know how to pass the relevant details to Keystone.

Once you have the relevant entityID for the user's organisation forward the user to:

CODE
https://connect.openathens.net/{domain}/{appId}/login?entity={encodedEntity}&target={encodedTarget}

The domain and appId parts of the address can be taken from your app's client ID (Configuration tab in the publisher dashboard) - they're the bits either side of the part that says ".oidc-app-v1." - e.g:

yourdomain.com.oidc-app-v1.ec5362c9-ac96-4bc0-b5c3-100508ea4957

The entityID and target parameters should be encoded to make them URL safe and are the entityID of the IdP and the address where you will handle the user on their return, getting them to the page they were trying to access.

E.g:

https://connect.openathens.net/yourdomain.com/ec5362c9-ac96-4bc0-b5c3-100508ea4957/login?entity=https%3A%2F%2Fidp.eng.nhs.uk%2Fopenathens&target=https%3A%2F%2Fwww.yourdomain.com%2Fdeeplink.php

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.