Upload
eduserv
View
62
Download
0
Embed Size (px)
Citation preview
www.eduserv.org.uk/openathens
OpenAthens Service ProviderBreakout session 1 for Publishers
9 November 2016
OpenAthens Service Provider as a service
• Phil Leahy (OpenAthens Service Relationship Manager)• David Orrell (OpenAthens System Architect)• Andy Anderson (OpenAthens Training Manager and QA
Analyst)
1. Authentication: Providing the best possible end-user experience
2. Single Sign-On: Enabling simple SSO within publishing platforms
3. Establishing standards: Driving common standards for interoperability
4. Facilitating discussions: Providing forums for discussion5. Embracing change: Understanding that change is constant
www.eduserv.org.uk/openathens
OpenAthens Service Provider9 November 2016
• Overview of OpenAthens• As an identity provider and a service provider
• How can we improve OpenAthens for publishers?• What we’re doing
OpenAthens
• Web-based Single Sign-On (SSO) and identity management
• Connect to multiple federations/communities using Open Standards (SAML)
OpenAthens advantages
• For organisations/users• Single account, seamless access across sites
• For publishers• Integrate once, connect to multiple communities
OpenAthens OrganisationService Provider
Sign-on using OpenAthens
Attributes
Attributes
• Where is the user from?• Who is the user (pseudonym)?• User’s role or entitlement• Name/email etc.
Organisation(Identity Provider)
Service Provider
Attributesvia SAML
OpenAthens OrganisationService Provider
Sign-on using OpenAthens
???
User authentication in OpenAthens
• 2 routes for organisations• Managed• Local directory integration
• Managed identity as a service• Upload via Web or bulk load• REST APIs
• Self-registration
Local directory integration
• OpenAthens can connect existing system• LDAP, ADFS• REST APIs
OpenAthens SP today
Identityprovider
Identityprovider
Identityprovider
Application
SAML
OASP
Service Provider
Integration API
Environment:Apache, Java, .NET
Configuration
Federation
OpenAthens
Customer feedback
• Not familiar with concepts of federated identity• Installation and configuration steps unclear• Changes take too long to take effect
• or require contact with Service Desk
Phase 1
Customer feedback
• Locally installed software required• prefer to use an API
• Integrating with multiple applications is complex• duplication of configuration and registration
• End-user experience inconsistent and confusing
Phase 2
Single Dashboard
Service Provider Federation
New Service Provider Dashboard
• Guided setup process• Clearer sign-posting of steps
• Much improved documentation• Near instantaneous updates
• Faster turn-around on testing• Registering for OpenAthens Federation
• No longer necessary!
Phase 1 available next week!
Questions?
Intermission