Using OpenAthens for SAML Single Sign On

This article includes information to assist organisations that use OpenAthens for SAML Single Sign On (both via SAML Federations and via bilateral trust).

Please note that Digital Theatre+ is not federated within the OpenAthens Federation.

Digital Theatre+ supports authentication with OpenAthens via either SAML Federations (such as UK Access Management Federation, InCommon or EduGain) or bilateral (1:1) trust.

Requesting SAML Single Sign On

Please use this form to start the process: https://sso.digitaltheatreplus.com

Allocate the Digital Theatre+ application


Required attributes

Customers wishing to authenticate via SAML Single Sign On will need to release the following:

For direct (bilateral/1:1) configurations:

  1. Subject Name ID or another attribute containing a persistent identifier for the user that has the syntax of an email address.

For federated configurations:

Either:

  1. eduPersonPrincipalName (where the value matches email syntax), or
  2. eduPersonTargetedID and eduPersonScopedAffiliation (which OpenAthens releases by default)
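
To confirm what your Identity Provider actually releases before raising a request, the checker below applies the requirements above to a captured SAML assertion. It is an added example, not Digital Theatre+ or OpenAthens code: the function names and the sample assertion are constructed, "email syntax" is approximated with a simple pattern, and the assertion's signature is not verified.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
OID = "urn:oid:1.3.6.1.4.1.5923.1.1.1."  # eduPerson OID arc
EPPN, EPSA, EPTID = OID + "6", OID + "9", OID + "10"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
# Assumption: "email syntax" is approximated as local@domain.tld.
EMAIL_LIKE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def released(xml_text):  # -> (NameID value, NameID Format, {attribute Name: [values]})
    root = ET.fromstring(xml_text)  # parses only; the signature is not verified
    nid = root.find(".//saml:Subject/saml:NameID", NS)
    attrs = {}
    for a in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        # eduPersonTargetedID wraps its value in a nested NameID element.
        vals = ["".join(v.itertext()).strip() for v in a.iterfind("saml:AttributeValue", NS)]
        attrs[a.get("Name")] = [v for v in vals if v]
    if nid is None:
        return "", "", attrs
    return (nid.text or "").strip(), nid.get("Format", ""), attrs

def check_release(xml_text, mode):
    """mode 'bilateral', otherwise federated. Returns problems; [] means OK."""
    name_id, fmt, attrs = released(xml_text)
    if mode == "bilateral":
        # A transient NameID changes per session; scoped affiliation looks like an
        # email address but names a role, so neither counts as a user identifier.
        ids = [] if fmt == TRANSIENT else [name_id]
        ids += [v for k, vals in attrs.items() if k != EPSA for v in vals]
        ok = any(EMAIL_LIKE.match(v) for v in ids)
        return [] if ok else ["no non-transient identifier with email syntax"]
    if any(EMAIL_LIKE.match(v) for v in attrs.get(EPPN, [])):
        return []
    missing = [n for n, k in (("eduPersonTargetedID", EPTID),
                              ("eduPersonScopedAffiliation", EPSA)) if not attrs.get(k)]
    return (["no email-like eduPersonPrincipalName"] + ["missing " + n for n in missing]) if missing else []

# Constructed sample: only the two attributes the article says OpenAthens releases by default.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID Format="{TRANSIENT}">_a1b2c3</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="{EPTID}"><saml:AttributeValue><saml:NameID>opaque-id-123</saml:NameID></saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{EPSA}"><saml:AttributeValue>member@idp.example.org</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_release(SAMPLE, "federated"), check_release(SAMPLE, "bilateral"))
```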


Supporting information

Information to provide Digital Theatre+

For access via SAML Federation (e.g. UKAMF, InCommon, EduGain)

Please provide the entity ID associated with your organisation, so that we may access your metadata via the Metadata Explorer Tool. For example: https://shib.raven.cam.ac.uk/shibboleth

For access via bilateral (1:1) custom SAML trust

Please provide the URL to your Identity Provider's Metadata XML file. For example: https://login.openathens.net/saml/2/metadata-idp/lindenwood.edu

Supporting information

Configuring OpenAthens for access via SAML Federations

Restrictive mode

  • You will need to allocate the Digital Theatre+ resource. You can do this by searching for the resource in the catalogue using our Service Provider entity ID: https://auth.digitaltheatreplus.com


Permissive mode

  • You do not need to allocate the resource.

Configuring OpenAthens for access via bilateral (1:1) trust

  • You will need to upload the Service Provider Metadata XML file that will be provided by our support team to create a custom SAML resource in your catalogue. You
    can reply to the support email thread, or if you have not started the process, open a new request via https://sso.digitaltheatreplus.com
  • Instructions for doing this are available in the OpenAthens Identity Documentation.
  • If your OpenAthens instance is in restrictive mode, you will need to allocate it as described above.