Sign in to Springshare LibApps with OpenAthens
For customers who are not in the UK Access Management federation or the InCommon federation in the United States, it may not appear to be possible to access Springshare's LibApps using OpenAthens. Luckily there is a still a way to set it up, it just takes a couple of extra steps.
Prerequisites
- Access to the OpenAthens admin area at the domain level
- Access to your LibApps Admin portal
- Look up your OpenAthens metadata address
Method
Configure LibApps
We're going to add a new SAML configuration - taken from: https://ask.springshare.com/libapps/faq/614
- In your LibApps admin portal go to Admin > LibAuth Authentication
- Add configuration
- Go to the manual configuration option
- Where it asks for the URL for your SAML Meta/Description XML file enter your OpenAthens metadata address
- Set the three attribute names to be:
- First Name: forenames
- Last Name: surname
- Email: emailAddress
- Set allow loggin in to yes and save
Add a custom SAML resource to OpenAthens
Since this application is not in the same federation, it must be added as a custom resource so that our systems know about it.
- Access the administration area as the domain administrator and navigate to the catalogue (Resources > Catalogue).
- Switch to the custom tab and click on the Add button
- Select the SAML option
- Add the LibApps metadata address: https://libauth.com/saml/module.php/saml/sp/metadata.php/springy-sp
- Click the create button
This will create a custom resource called 'Springshare LibApps'. We can come back and change details later if we need to.
Set a release policy to send the extra information
- Still in the administration area navigate to the release policy page (Preferences > Attribute release)
- Add a resource policy via the button
- Start typing Springshare to shorten the list and select LibApps when it appears
- Start typing Springshare to shorten the list and select LibApps when it appears
- Click the attributes for Email, First Name and Last Name so that they turn green (if you hover over them you'll see the names like emailAddress and surname that are actually being sent)
- Click done and then save changes
Anything to watch out for?
If you are using restrictive mode you will also need to assign the resource to relevant permission sets or access will fail.
If you are using local authentication, you will need to ensure you are mapping relevant attributes from your system to OpenAthens so that names and email addresses can be passed and depending on how you have mapped them you may need to make adjustments to some of the values suggested here.
Useful links
Some of the Springshare apps have find and replace functions to help you modify URLs to include your redirector prefix