Integrating library information providers via SAFIRE
There is considerable interest in leveraging SAFIRE and eduGAIN to integrate with the various library information providers, such as academic content, journal, and database publishers. Information providers variously term this “Shibboleth”, “SAML” or “Institutional” logins, and in most cases are already integrated with other federations around the world.
The following documents the integration status of various providers in SAFIRE.
Libraries need to contact American Physical Society support and request Shibboleth access (see documentation -> Shibboleth/Institutional Single Sign-on/OpenAthens)
Libraries need to contact American Psychological Association support to request SAML (Shibboleth) access (see documentation).
Discovery problem - Once your institution is set up, select your institution’s name from the 'OpenAthens' drop-down menu. This list, labelled 'OpenAthens', also includes institutions using SAML (sometimes called Shibboleth).
Libraries need to contact support to enable federated (SAML/sometimes called Shibboleth) access (see documentation).
Discovery problem - Once your institution is set up, to login you need to click on "UK Shibboleth". You then can type the name of your institution to be redirected to your login page.
This is marked working but untested because we’ve had no confirmation of a SAFIRE participant using it successfully. However, because the service appears to have adopted SeamlessAccess it’s highly likely that it works in an interoperable way.
Libraries need to contact De Gruyter Brill Customer Service Team to request federated (Shibboleth) access be enabled. Libraries will need to provide their institution’s proxied entity id (See documentation).
This is marked working but untested because we’ve had no confirmation of a SAFIRE participant using it successfully. However, because the service appears to have adopted SeamlessAccess it’s highly likely that it works in an interoperable way.
Libraries need to contact HSTalks support to enable federated (SAML/sometimes called Shibboleth) access (see discovery page If your institution is not listed) for more information.
Libraries need to supply IOP with their proxied entity id to enable federated (SAML/sometimes called Shibboleth) access . IOP recommends using a WAYFless URL.
While there is some information available at the documentation link, and at Access through your institution, it is unclear what libraries exactly need to do to enable Federated Access. Unless it is not clear in the admin portal, libraries should contact JAMA Network support for more information, or assistnce on enabling federated (SAML/sometimes called Shibboleth) access .
Libraries need to generate a WAYFless URL using their proxied entity id and send it to JSTOR support to get themselves listed. Can negotiate specific values of eduPersonScopedAffiliation.
Libraries need to ask kanopy to enable Shibboleth and send them their proxied entity id. It may help to mention that your metadata is already exported to the UK Access Federation via eduGAIN.
Libraries need to contact Kortext support and request Login access be enabled, using their proxied entity id. It may help to mention that your metadata is already exported to the UK Access Federation via eduGAIN
Libraries need to contact Kluwer Law Online support and request federated (SAML/sometimes called Shibboleth) access be enabled. Technical support contact form is available at the login page
Status since
September 2025
This provider appears to have adopted SeamlessAccess for login, which is a new standard that greatly improves the user experience.
LexisNexus International
Status
Tested, discovery problem
Login link terminology
Use Academic Sign-in
Notes
Metadata for South African institutions exists, and a WAYFless URL reaches the right identity provider. LexisNexus indicate support UK Fed and InCommon. Needs an institution using LexisNexus.com to engage with them about the next steps.
Thus far, both SAFIRE & two universities have reached out to LexisNexus SA about this. LexisNexus SA have indicated that it is on their roadmap for investigation starting in September 2020. [TENET:4612]; as of October 2025 engagements continue with LexisNexus SA indicating they’d like to participate in a trial [TENET:0163142].
Entity is the same as LexisNexis global, so in theory metadata exists.
This provider appears to have adopted SeamlessAccess for login, which is a new standard that greatly improves the user experience.
MathWorks
Status
Tested, working
Notes
Institutions need to contact MathWorks to enable; will need to supply an appropriate scoped affiliation. The mail attribute is used to match existing profiles and set them for SSO.
Metadata for South African institutions exists, and a WAYFless URL reaches the right identity provider. At least one university has reported that this works correctly. However, there’s no obvious end-user method of reaching an institutional login page.
There is, however, a user guide available at the documentation link on how to use your institutional credentials to sign in via SeamlessAccess.
While SAFIRE IdP’s are found at OpenAthens | Institutional, they are not necessarily authorised to access the service. No documentation has been found on what libraries need to do to enable federated (Shibboleth/institutional) access, but the most likely course of action would be to contact Ovid SP support to request that access be enabled for your institution.
This is marked working but untested because we’ve had no confirmation of a SAFIRE participant using it successfully. However, because the service appears to have adopted SeamlessAccess it’s highly likely that it works in an interoperable way.
Status since
September 2025
This provider appears to have adopted SeamlessAccess for login, which is a new standard that greatly improves the user experience.
Oxford University Press
Status
Tested, working
Login link terminology
Sign in through your Institution
Notes
At least the following products are known to be working Oxford Music Online, Oxford Journal Collection, Oxford Research Encyclopedias, and OUP Law
Proceedings of the National Academy of Sciences of the United States of America (PNAS)
Institutions need follow documentation on enabling remote access. You will need your institutions proxied entity id to complete the confirguration at the institutional subscriber account page.
While Sabinet is a direct participant in SAFIRE, Sabinet African journals uses Atypon SP and is learnt via interfederation. To enable, contact Sabinet Client Support
While Sabinet is a direct participant in SAFIRE, libraries may need to contact Sabinet Client Support to enable federated (SAML/sometimes called Shibboleth) access for Sabinet Discover (see documentation).
Libraries need to contact Sage Online Technical Support to request Federated (Shibboleth) Access. See documentation.
This is marked working but untested because we’ve had no confirmation of a SAFIRE participant using it successfully. However, because the service appears to have adopted SeamlessAccess it’s highly likely that it works in an interoperable way.
Institutions will need to have their unique organisation ID/scope registered to their account to permit access to their users. Institutional administrators can enter their Shibboleth credentials themselves, or provide T&F with the details and they can add this to their account on their behalf.
Institutions need to contact their support representative to request access. They will need to provide their proxied entity id.
At the moment, South African entities appear under “Great Britain (UK Federation)”. Thieme is aware of this and working on a solution [TENET:0022281]. However, it can be worked around with a properly constructed WAYFless URL containing a Base64-encoded JSON object (SAFIRE can help you generate this).
Web of Science / Web of Knowledge (Clarivate Analytics)
Status
Tested, discovery problem
Login link terminology
Institutional sign in
Notes
Appears under UK Federation
Status since
June 2021
Westlaw UK (Thomson Reuters)
Status
Tested, working
Login link terminology
Access through academic federation
Notes
Libraries need to contact their support representative and request Shibboleth access. They will need to provide their proxied entity id. No ARP because Thomson Reuters have not published a privacy policy.
Libraries need to contact Customer Care to enable federated (Shibboleth) access. libraries will also need their institution’s proxied entity id as part of the process (See documentation).
If there’s something missing from the above, the information is out of date (or you know something we don’t), or you’d simply like to help us unlock one of the other information providers, please contact us! Our experience is it takes one or two interested libraries to help make the first connection, and then the entire community benefits from improved access.
Publishers and information providers may ask you for a copy of your institution’s SAML/XML metadata, or for a URL where this can be downloaded from. Metadata is needed for a one-to-one (bi-lateral) setup and the provider may assume that this is what you’re trying to do. However, it should not needed for federated login — if they participate in federation, the provider should already have your metadata which they’ve learnt via eduGAIN and from another federation.
Reinforce that you’re trying to set up a federated SAML authentication and ask them to check and see if they’ve learnt metadata for your entity ID (see below) from eduGAIN. You might be able to see the provider listed on met.refeds.org which would confirm this is the case. (It might also be useful to know that majority of the publishers and information providers listed here are registered via the UK Access Management Federation, and that SAFIRE learns metadata from them via eduGAIN.)
If you can’t get beyond this step, please contact us and put us in touch with them.
Entity ID
You will usually be asked for an entity ID or IdP identity. Entity IDs are globally unique persistent identifiers (think of them as like an ORCID iD or DOI for a specific service- or identity-provider). Yours uniquely identifies your institution’s identity provider to the service.
If the provider is accessing your identity provider via eduGAIN, the value they will need is your institution’s proxied entity ID. You can get this by finding on your institution in our list of identity providers and looking at the Metadata entityID field. Note: it always starts with https://proxy.safire.ac.za/….
Wayfless URLs
You may also be asked to make use of a “Wayfless” URL. Different providers have different mechanisms for constructing these, so you will need to refer to the providers’s documentation. However, they will always involve a URL-encoded version of your entity ID — to get this, find your institution in our list of identity providers and then click on the Metadata entityID field to expand it. This will display other forms of the entity ID, including the Wayfless entityID for you to copy-and-paste.
You may be asked for affiliation or scoped affiliation values. These are the values your institution sets for eduPersonScopedAffiliation and will be a value like member@example.ac.za. You may be able to figure out the correct ones by logging into our test service provider, but generally you should confirm them with your own identity provider administrator or IT support staff.
eduPersonScopedAffiliation uses a controlled vocabulary with member being the most permissive term. So member@example.ac.za is akin to saying “all staff, students, and affilates of example.ac.za”. If you are licensing resources to specific subsets of your community, you may want a more specific term. However, check with your IdP admin for what your institution supports!
eduPersonEntitlement
If you are asked for an entitlement value, you will most likely use urn:mace:dir:entitlement:common-lib-terms as described in the common-lib-terms specification and eduPersonEntitlement. However, note that SAFIRE does not release this by default so this will only work if we’ve explictly enabled it (which will be the case for ones marked as working that require this).
Attributes
SAFIRE’s default attribute release policy releases the attributes most commonly needed by library and information providers in support of pseudonymous access. We also release the correct attributes for any provider marked as working above. However, if a provider tells you they require more/other attributes, you will need to let us know (preferably with a reference to documentation).
Hints from other federations
Other federations have links to providers’ documentation that may prove useful to those trying to get this to work:
