Registering an OpenAthens Service Provider
OpenAthens is a name representing a variety of SAML-based identity and access management solutions, including OpenAthens MD, OpenAthens LA and OpenAthens SP. It is a Single Sign-On product designed to aid access management to subscription-based digital content.
You must register your OpenAthens SP's metadata with us in order to interoperate with IdPs registered in the UK federation. You may need to configure more features once your SP is registered, for example authorization conditions.
Before sending the information required for registration, listed below, you must ensure the following:
- You have installed and configured the OpenAthens SP software according to Eduserv's instructions.
- You have obtained an X.509 certificate for the trust fabric.
- You have obtained a browser-facing certificate and configured it for port 443 of your SP. The UK federation does not need to know about this browser-facing certificate.
- Your organization controls the domain in the entityID of your IdP.
- You have read the UK federation Operational Information page.
- You are familiar with the UK federation's Technical Recommendations for Participants, and other UK Federation Technical Documents.
Once these prerequisites have been met:
- A Management Contact for your organisation must email an SP registration request to the UK federation Helpdesk and include the information required for registration, listed below.
- We will verify this information and perform several technical checks. We may need to communicate with the registrant to rectify any issues.
- We then authenticate the trust fabric certificate(s) in the SP metadata by means of an email-based security procedure (see Certificate verification). The Management Contact must reply to our email before we can complete the registration.
- Once we have received the authentication email from the Management Contact, we will publish your SP's metadata in the UK federation metadata on the next publishing run. Please take note that metadata must propagate to the identity providers (IdPs) your SP will interoperate with.
- We will let you know by email once the UK federation metadata has been updated to include the information you have supplied.
- You can now test your SP using the UK federation test IdP.
The information required for registration should be provided as plain text in the body of the email message. Please do not provide it as an attachment from your office software; if you must provide an attachment, please use a text editor.
You can use the following SP registration request link to create an email message.
- entityID: The entityID is a URI identifying your service provider. The Shibboleth SP software will generate this for you, but you may need to change it to ensure that it conforms with requirements. It must be different from the entityID of any existing entity already in the UK federation. If your service provider is already a member of another federation please give its existing entityID, even if it appears to be federation-specific. If it is not already a member of another federation, please consult the UK federation entityID policy.
- Service Display Name: A brief name for the service. This name may be displayed on IdP login pages, and will be displayed on the Central Discovery Service (CDS) if your SP uses the CDS. Please see the federation MDUI Recommendations page for more information.
- OrganizationURL: The URL of a web page providing a description of the organisation providing the service.
- Support contact: The name and email address for one or more Support contacts.
- Technical contact: The name and email address for one or more Technical contacts.
- Administrative contact: The name and email address for one or more Administrative contacts.
- Automatically generated metadata: The OpenAthens software generates metadata matching your configuration. Please see Eduserv's documentation for the URL pointing to that metadata. Please include that URL in your registration.
- Requested Attributes: (recommended) Include information on the attributes your SP can use. The names of the attributes alone will suffice (see the Requested Attributes page for further information). We recommend inclusion of attributes as part of the registration process to facilitate interoperability, especially with IdPs registered in other federations and imported via eduGAIN.
- Software: (recommended) The SAML product name and software version of your chosen SP software. This information enables us to gauge appropriate support levels for software in use within the federation, and we do not publish this information.
- Logo: (recommended) The HTTPS-protected URL of a suitable logo. This logo may be displayed on IdP login pages, and will be displayed on the Central Discovery Service (CDS) if your SP uses the CDS. Please see the federation MDUI Recommendations page for more information.
- Description: (recommended) A short (100 character) description of the service. It may appear on the IdP login pages. Please see the federation MDUI Recommendations page for more information.
- Sirtfi compliance: If your SP complies with the Sirtfi incident response framework, please indicate that the SP has passed a self-assessment of Sirtfi v1.0. See our Sirtfi documentation page for more information.
- Security contact: The name and email address of a security contact. This is mandatory for Sirtfi-compliant SPs.
- Information for Service Catalogue: Send us additional information to add to our Available Services page at registration time. See How to add your Service to the list.
- Research & Scholarship (R&S) entity category: If your SP facilitates research collaboration, it may be eligible for the REFEDS R&S entity category. See our REFEDS R&S documentation page for more information.
- Data Protection Code of Conduct: If your SP is based in the EU/EEA and follows the good practices described in the GÉANT Data Protection Code of Conduct, you can assert that your SP follows the code. See our GÉANT Data Protection Code of Conduct page for more information.