This article includes information that may assist organisations that use OpenAthens for SAML Single Sign On (both via Federations and via bilateral trust).
Please note that Digital Theatre+ is not federated within the OpenAthens Federation.
Digital Theatre+ supports authentication using OpenAthens via Federations (such as UK Access Management Federation or InCommon) or bilateral (1:1) trust.
Allocate the Digital Theatre+ application
Required attributes
Customers wishing to authenticate via SAML Single Sign On will need to release either:
- eduPersonPrincipalName (with a value that matches email syntax), or
- eduPersonTargetedID and eduPersonScopedAffiliation (which OpenAthens releases by default)
Supporting information
- OpenAthens documentation for How to release eduPersonPrincipalName
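An added example, not Digital Theatre+ or OpenAthens code: a Python check an Identity Provider administrator could run over a decoded test assertion to confirm that one of the two attribute options above is released. The urn:oid names are the standard eduPerson attribute names; the email-syntax pattern, the helper names and the sample assertions are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# urn:oid names of the eduPerson attributes named in the requirement.
OID = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
}
# Assumption: "email syntax" is approximated here as local@domain.tld.
EMAIL_LIKE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

def released_attributes(assertion_xml):
    """Map friendly attribute name -> non-empty values found in the assertion."""
    found = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", NS):
        name = attr.get("Name", "")
        friendly = OID.get(name, attr.get("FriendlyName", name))
        for value in attr.iterfind("saml:AttributeValue", NS):
            # eduPersonTargetedID nests its value in a <saml:NameID> child.
            text = "".join(value.itertext()).strip()
            if text:
                found.setdefault(friendly, []).append(text)
    return found

def check_release(assertion_xml):
    """Return (ok, reason) for the either/or attribute requirement."""
    attrs = released_attributes(assertion_xml)
    eppn = attrs.get("eduPersonPrincipalName", [])
    if any(EMAIL_LIKE.match(v) for v in eppn):
        return True, "eduPersonPrincipalName in email syntax"
    if attrs.get("eduPersonTargetedID") and attrs.get("eduPersonScopedAffiliation"):
        return True, "eduPersonTargetedID and eduPersonScopedAffiliation"
    return False, "neither attribute option is satisfied"

def _assertion(body):  # wrapper for constructed samples, not captured traffic
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<saml:AttributeStatement>" + body + "</saml:AttributeStatement></saml:Assertion>")
def _attr(oid_suffix, inner):  # builds one constructed eduPerson attribute
    return ('<saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.%s">'
            "<saml:AttributeValue>%s</saml:AttributeValue></saml:Attribute>" % (oid_suffix, inner))

# Constructed samples: email-like ePPN; the fallback pair; an incomplete release.
SAMPLE_EPPN = _assertion(_attr("6", "jdoe@example.edu"))
SAMPLE_PAIR = _assertion(_attr("10", "<saml:NameID>a1b2c3</saml:NameID>") + _attr("9", "member@example.edu"))
SAMPLE_BAD = _assertion(_attr("6", "jdoe") + _attr("10", "<saml:NameID>a1b2c3</saml:NameID>"))

if __name__ == "__main__":
    print([check_release(x) for x in (SAMPLE_EPPN, SAMPLE_PAIR, SAMPLE_BAD)])
```

The check only inspects which attributes are present in the assertion; it does not validate the assertion's signature.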
Information to provide Digital Theatre+
For access via UK Federation
Please provide the entity ID associated with your organisation, so that we may access your metadata via the Metadata Explorer Tool. For example: https://shib.raven.cam.ac.uk/shibboleth
For access via bilateral (1:1) custom SAML trust
Please provide the URL to your Identity Provider's Metadata XML file. For example: https://login.openathens.net/saml/2/metadata-idp/lindenwood.edu
Supporting information
- OpenAthens documentation for How to access your login.openathens.net metadata
Configuring OpenAthens for access via UK Federation or InCommon Federation
Restrictive mode
- You will need to allocate the Digital Theatre+ resource. You can do this by searching for the resource in the catalogue using our Service Provider entity ID: https://auth.digitaltheatreplus.com
Permissive mode
- You do not need to allocate the resource.
Configuring OpenAthens for access via bilateral (1:1) trust
- You will need to upload the Service Provider Metadata XML file that will be provided by support@digitaltheatreplus.com in order to create a custom SAML resource in your catalogue.
- Instructions for doing this are available in the OpenAthens Identity Documentation.
- If your OpenAthens instance is in restrictive mode, you will need to allocate it as described above.