Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OpenAthens Service Provider in the cloud: development update


Published on

OpenAthens is developing its Service Provider software so it does not need to be installed on our customers' applications or platforms. The objective is to enable federated single sign on without exposing customers to many of the complexities of SAML. Access management will be controlled via an API into a hosted service using OpenID connect which is a modern, standards based authentication protocol. 

The aims of this short webinar are: 

- To update customers to the streamlining of our SP dashboard and our federation manager to improve the customer experience. 

- Introduce the architectural framework that will underpin the extension of our service. 

- Answer questions and receive feedback on the work from our key customers. 

Published in: Technology
  • Be the first to comment

  • Be the first to like this

OpenAthens Service Provider in the cloud: development update

  1. 1. OpenAthens Cloud SP Webinar 24 May 2016 Phil Leahy – OpenAthens Service Relationship Manager David Orrell – OpenAthens System Architect
  2. 2. • What is OpenAthens? • Where next for OpenAthens SP? • Questions
  3. 3. OpenAthens • Web-based Single Sign-On (SSO) and identity management • Connect to multiple federations/communities using Open Standards (SAML)
  4. 4. OpenAthens advantages • For organisations/users • Single account, seamless access across sites • For publishers • Integrate once, connect to multiple communities
  5. 5. OpenAthens OrganisationService Provider Sign-on using OpenAthens Attributes
  6. 6. Attributes • Where is the user from? • Who is the user (pseudonym)? • User’s role or entitlement • Name/email etc. Organisation (Identity Provider) Service Provider Attributes via SAML
  7. 7. SAML federations Service providers Identity Providers
  8. 8. OpenAthens SP Identity provider Identity provider Identity provider Application SAML OASP Service Provider Environment: Apache, Java, .NET
  9. 9. Where next for OpenAthens SP? 1. Simplification of setup and registration 2. Move from ‘installed software’ to APIs • OAuth/OpenID Connect 3. Improving the user-experience
  10. 10. Simplifying setup and registration
  11. 11. Single Dashboard Service Provider Federation
  12. 12. Simplifying setup • Guided setup process in dashboard • Clearer sign-posting of steps • Much improved documentation • Near instantaneous updates • Faster turn-around on testing
  13. 13. Simplifying registration • Registering for OpenAthens Federation • Happens automatically • We are working with other Federations to simplify registration Phase 1 due this summer
  14. 14. APIs, APIs, APIs
  15. 15. OpenAthens SP today Identity provider Identity provider Identity provider Application SAML OASP Service Provider Integration API Environment: Apache, Java, .NET
  16. 16. OpenAthens SP today • Current software modules isolated from application • Inside server module or servlet filter • Limited APIs to code against • Software has ‘heavy-lifting’ to do • SAML metadata • Metadata changes slow to take effect
  17. 17. Next release: OpenAthens SP Cloud Identity provider Service Provider Identity provider Identity provider SAML connector App1 App2 App3 SAML OAuth/OpenID Connect REST Multiple applications can share the same connector SAML connector available as a service
  18. 18. • Dashboard provides • Configuration • Access to logs • Usage statistics • Add additional applications without having to register multiple SAML entities Next release: OpenAthens SP Cloud
  19. 19. User experience
  20. 20. Where are you from? • Users presented with too many options • “OpenAthens login” • “Shibboleth login” • “Institutional login” • “Choose your federation” • Drop-down lists of organisations • Search for organisation • … • Users often don’t even understand the question!
  21. 21. Current issues • One of the most common complaints about Federated sign-in • Too complex for users • Inconsistent experience • A chore for service providers to develop
  22. 22. Current options for discovery • Use a Federation discovery service • Does not work across multiple federations • Does user know their federation? • Build your own using OpenAthens SP API • Build your own using your own data
  23. 23. OpenAthens SP Cloud • “Federated discovery as a service” • Configure and brand via dashboard • Delivered via: • Standalone hosted service • Embeddable JavaScript widget • REST APIs available to build your own • Independent of a given federation but will support any
  24. 24. Phase 1 due this summer Phase 2 due late 2016/early 2017
  25. 25. If you have questions, please enter them here
  26. 26. OpenAthens Cloud SP beta • Register your interest in the webinar poll • Email Phil Leahy: