Skip to main content
Support - EBSCO Help

How to integrate your OpenAthens subscription with the InCommon federation

OpenAthens has partnerships with multiple federations including UKFED and InCommon.

Members of multiple federations can get additional benefits by integrating their existing federation with OpenAthens:

  • OpenAthens Redirector linking: use a consistent linking prefix for OAFED/UKFED/InCommon providers. Make WAYFLess linking easy!
  • Use a single SSO session to access all library providers – decrease user logins
  • Access to more federated providers in your OpenAthens resource catalogue
  • Minimize IT involvement in library resource activation – get a simple administrator interface and 24/7 EBSCO support
  • Get flexible login options – Get the benefit of OpenAthens’ robust login options to connect additional user directories OR create OpenAthens accounts for users that aren’t in your institutional directory (e.g. guests or alumni)
  • Get granular OpenAthens statistics for InCommon/UKFED providers

What do you need to do?

Review your options with your IT department. IT manage the set-up of all University applications with your existing federation. They will need to approve any changes to the way access is managed.

Contact EBSCO (support@ebsco.com) if you would like to start the set-up or discuss your options.

What providers are accessed using your existing SAML federation (InCommon/UKFED)?

  1. Get the name of the IT contact who manages membership of your federation

  2. Ask your contact(s) to list:

    1. ALL providers accessed via the federation. The list must include: library subscriptions and University/system applications

    2. Identify any providers that require personal data (claims/attributes) e.g. emailAddress. List the attributes required for each provider.

Review your Options

There are four set-up options with different benefits. Review the options with your IT contact. You can compare the options with this table.

Option 1: Fully integrated federations

Core benefit: You get all the benefits listed in the introduction.

  • IT must read the migration requirements in this document: http://docs.openathens.net/display/public/MD/Migrating+from+your+own+IdP

  • IT can work with EBSCO to migrate existing providers to OAFED and/or duplicate attribute release policies to retain personalization

  • IT would update InCommon to use OpenAthens IdP metadata endpoints (instructions will be provided) and the same EntityID (as your SAML IdP).

  • Access to existing InCommon/UKFED EntityID would be retained (see above FAQ).

  • Your SAML Identity Provider (e.g. Shibboleth) will be the Identity Provider of OpenAthens

  • OpenAthens would act as the Identity Provider of InCommon/UKFED (but you would be using the same source user directory)

  • Going forward, IT/Library would set-up all federated applications through OpenAthens admin. IT could still register new InCommon service providers with InCommon (these will appear in the OpenAthens catalogue where attribute release would be configured)

  • You can use redirector links for both federations

Option 2: Integrated federations (library with unique InCommon entityID)

Core benefit: Simplify the management of library applications to a simple library-managed interface. IT will retain independent management of the original InCommon/UKFED entityID – reducing any risk to active University service providers.

  • IT would not need to migrate University applications – they would continue to be managed through the current InCommon entityID – service would be retained.

  • IT would work with EBSCO to migrate existing library applications to OpenAthens and/or copy attribute release policies to retain personalization.

  • IT would register a NEW EntityID with InCommon/UKFED (metadata will be supplied by EBSCO) for management of library subscriptions/applications. This would be used for any federated providers not available through OAFED. There may be fees associated if you register a second EntityID with InCommon – consult your federation support desk.

  • Your SAML Identity Provider (e.g. Shibboleth) will be the Identity Provider of OpenAthens

  • OpenAthens would be as the Identity Provider of InCommon/UKFED (for library applications)

  • Going forward, the library would manage set-up of all library subscriptions through OpenAthens admin (minimal IT assistance required)

  • You can use Redirector links for both federations

Option 3: Parallel federations (no InCommon integration)

Core benefit: No changes need to be made to InCommon metadata. The library would manage access to applications primarily through OpenAthens.

  • IT would not make any updates to InCommon or existing applications

  • All library service providers would need to be migrated to OpenAthens (or managed outside OpenAthens). This relies on the providers either joining the federation or allowing us to set-up one-to-one SAML connections by exchanging metadata. EBSCO could assist with this but the library may also need to speak to providers too.

  • Going forward, library would manage set-up of all library subscriptions through OpenAthens admin (minimal IT assistance required)

  • Any providers that are only available through InCommon would need to be set-up through IT. EBSCO would not support contacting the providers.

  • You can’t use redirector links to InCommon providers. The library would need to use the provider’s WAYFLess syntax (if InCommon access is activated)

Option 4: Parallel federations (redirector integration only)

Core benefit: No changes need to be made to InCommon metadata. The library could use redirector links for InCommon providers

  • IT would not make any updates to InCommon or existing applications

  • Library service providers may need to be migrated to OpenAthens.

  • Going forward, library would manage set-up of all library subscriptions through OpenAthens admin with EBSCO support (minimal IT assistance required)

  • Any providers that are only available through InCommon would need to be set-up through IT. EBSCO would not support these providers.

  • You will be able to use Redirector links to InCommon providers but they will not use the same SSO session. Users will have to login once for each federation.

Additional Notes

Not a member of InCommon yet? You can get these benefits by joining the InCommon federation. You can register using your OpenAthens metadata. Ask us how support@ebsco.com!

Read More: http://docs.openathens.net/display/public/MD/Migrating+from+your+own+IdP