This article includes information to assist organisations who use OpenAthens for SAML Single Sign On (both via SAML Federations and via bilateral trust).
Please note that Digital Theatre+ is not federated within the OpenAthens Federation.
Digital Theatre+ supports authentication through OpenAthens via either SAML Federations (such as UK Access Management Federation, InCommon or EduGain) or bilateral (1:1) trust.
Requesting SAML Single Sign On
Please use this form to start the process: https://sso.digitaltheatreplus.com
Allocate the Digital Theatre+ application
Customers wishing to authenticate via SAML Single Sign On will need to release either:
For direct (bilateral/1:1) configurations:
- Subject Name ID or another attribute containing a persistent identifier for the user that has the syntax of an email address.
For federated configurations:
- eduPersonPrincipalName (where the value has the syntax of an email address), or,
- eduPersonTargetedID and eduPersonScopedAffiliation (which OpenAthens releases by default)
- OpenAthens documentation for How to release eduPersonPrincipalName
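Before submitting the request, an IdP administrator can check a decoded test assertion against the release requirements listed above. The following is an added example, not code from Digital Theatre+ or OpenAthens. It assumes attributes are named by their standard `urn:oid` identifiers, uses a loose email-shape regex, treats a transient NameID as non-persistent, and does not count eduPersonScopedAffiliation as a user identifier even though its value looks like an email address.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"    # eduPersonPrincipalName
EPSA = "urn:oid:1.3.6.1.4.1.5923.1.1.1.9"    # eduPersonScopedAffiliation
EPTID = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"  # eduPersonTargetedID
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
EMAIL_SYNTAX = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")  # assumed shape check only

def released(xml_text):
    """Return (subject NameID element or None, {attribute Name: [values]})."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        # itertext() also reads a NameID nested inside eduPersonTargetedID
        values = ["".join(v.itertext()).strip()
                  for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    return root.find(".//saml:Subject/saml:NameID", NS), attrs

def unmet(xml_text, mode):
    """List what is missing for mode 'bilateral' or 'federated' (empty = OK)."""
    name_id, attrs = released(xml_text)
    def emailish(values):
        return any(EMAIL_SYNTAX.fullmatch(v) for v in values)
    if mode == "bilateral":
        # A transient NameID changes every session, so it is not persistent.
        subject_ok = (name_id is not None and name_id.get("Format") != TRANSIENT
                      and emailish([(name_id.text or "").strip()]))
        if subject_ok or any(emailish(v) for n, v in attrs.items() if n != EPSA):
            return []
        return ["no persistent NameID or attribute with email-address syntax"]
    if emailish(attrs.get(EPPN, [])):
        return []
    return [f"missing {n}" for n, oid in
            (("eduPersonTargetedID", EPTID), ("eduPersonScopedAffiliation", EPSA))
            if not attrs.get(oid)]

# Constructed sample (not a real assertion); signature validation is out of scope.
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
 <saml:Subject><saml:NameID Format="{TRANSIENT}">_a1b2c3</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="{EPTID}"><saml:AttributeValue>
   <saml:NameID>opaque-id-123</saml:NameID></saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{EPSA}">
   <saml:AttributeValue>member@example.edu</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion>"""

print({mode: unmet(SAMPLE, mode) or "OK" for mode in ("federated", "bilateral")})
```

The constructed sample passes the federated check and fails the bilateral one, which is the gap to close before requesting a bilateral (1:1) configuration.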
Information to provide Digital Theatre+
For access via SAML Federation (e.g. UKAMF, InCommon, EduGain)
For access via bilateral (1:1) custom SAML trust
Please provide the URL to your Identity Provider's Metadata XML file. For example: https://login.openathens.net/saml/2/metadata-idp/lindenwood.edu
- OpenAthens documentation for How to access your login.openathens.net metadata
Configuring OpenAthens for access via SAML Federations
- You will need to allocate the Digital Theatre+ resource. You can do this by searching for the resource in the catalogue using our Service Provider entity ID: https://auth.digitaltheatreplus.com
- You do not need to allocate the resource.
Configuring OpenAthens for access via bilateral (1:1) trust
- You will need to upload the Service Provider Metadata XML file that will be provided by our support team to create a custom SAML resource in your catalogue. You can reply to the support email thread, or if you have not started the process, open a new request via https://sso.digitaltheatreplus.com
- Instructions for doing this are available in the OpenAthens Identity Documentation.
- If your OpenAthens instance is in restrictive mode, you will need to allocate it as described above.