Using OpenAthens for SAML Single Sign On

This article includes information that may assist organisations who use OpenAthens for SAML Single Sign On (both via UK Federation and via bilateral trust)

Please not that Digital Theatre+ is not federated within the OpenAthens Federation.

Digital Theatre+ supports authentication using OpenAthens via UK Federation or bilateral (1:1) trust.

Allocate the Digital Theatre+ application

openathenscatalogue

Required attributes

Customers wishing to authenticate via SAML Single Sign On will need to release either:

  1. eduPersonPrincipalName (and the value matches an email syntax), or,
  2. eduPersonTargetedID and eduPersonScopedAffiliation (which OpenAthens releases by default)

Supporting information

Information to provide Digital Theatre+

For access via UK Federation

Please provide the entity ID associated with your organisation, so that we may access your metadata via the Metadata Explorer Tool.  For example: https://shib.raven.cam.ac.uk/shibboleth

For access via bilateral (1:1) custom SAML trust

Please provide the URL to your Identity Provider's Metadata XML file.  For example: https://login.openathens.net/saml/2/metadata-idp/lindenwood.edu

Supporting information

Configuring OpenAthens for access via UK Federation or InCommon Federation

Restrictive mode

  • You will need to allocate the Digital Theatre+ resource.  You can do this by searching for the resource in the catalogue using our Service Provider entity ID: https://auth.digitaltheatreplus.com

Permissive mode

  • You do not need to allocate the resource.

Configuring OpenAthens for access via bilateral (1:1) trust

  • You will need to upload the Service Provider Metadata XML file that will be provided by support@digitaltheatreplus.com in order to create a custom SAML resource in your catalogue.
  • Instructions for doing this are available in the OpenAthens Identity Documentation
  • If your OpenAthens instance is in restrictive mode, you will need to allocate it as described above