There is considerable interest in leveraging SAFIRE and eduGAIN to integrate with the various library information providers, such as academic content, journal, and database publishers. Information providers variously term this “Shibboleth”, “SAML” or “Institutional” logins, and in most cases are already integrated with other federations around the world.
The following documents the integration status of various providers in SAFIRE.
Association for Computing Machinery (ACM)
American Chemical Society
BioOne
Cambridge Core
Dawsonera
De Gruyter
EBSCO
Elsevier ScienceDirect/Scopus
Emerald Insight
Encyclopædia Britannica
Gale Cengage
IEEE Xplore
IOP Science
JSTOR
Intembeko ORCID Hub (TENET)
JoVE (Journal of Visualized Experiments)
kanopy
Kortext
LexisNexus International
LexisNexus South Africa
MathWorks
McGraw-Hill Medical
Nature.com / SpringerNature
Newsbank
ORCID
Ovid SP
Oxford University Press
ProQuest (Dissertations & Theses Global)
ProQuest (RefWorks)
Radiological Society of North America
Royal Society of Chemistry
Sabinet African journals
Sabinet Reference
Sabinet Legal
SAGE
SpringerLink
Taylor & Francis Online
Thieme Connect
Web of Science / Web of Knowledge (Clarivate Analytics)
Westlaw UK (Thomson Reuters)
Wiley
If there’s something missing from the above, the information is out of date (or you know something we don’t), or you’d simply like to help us unlock one of the other information providers, please contact us! Our experience is it takes one or two interested libraries to help make the first connection, and then the entire community benefits from improved access.
Systems librarians interested in such integrations might also want to consider subscribing to the safire-libs@lists mailing list.
Values needed by information providers
Metadata
Publishers and information providers may ask you for a copy of your institution’s SAML/XML metadata, or for a URL where this can be downloaded from. Metadata is needed for a one-to-one (bi-lateral) setup and the provider may assume that this is what you’re trying to do. However, it should not needed for federated login — if they participate in federation, the provider should already have your metadata which they’ve learnt via eduGAIN and from another federation.
Reinforce that you’re trying to set up a federated SAML authentication and ask them to check and see if they’ve learnt metadata for your entity ID (see below) from eduGAIN. You might be able to see the provider listed on met.refeds.org which would confirm this is the case. (It might also be useful to know that majority of the publishers and information providers listed here are registered via the UK Access Management Federation, and that SAFIRE learns metadata from them via eduGAIN.)
If you can’t get beyond this step, please contact us and put us in touch with them.
Entity ID
You will usually be asked for an entity ID or IdP identity. Entity IDs are globally unique persistent identifiers (think of them as like an ORCID iD or DOI for a specific service- or identity-provider). Yours uniquely identifies your institution’s identity provider to the service.
If the provider is accessing your identity provider via eduGAIN, the value they will need is your institution’s proxied entity ID. You can get this by finding on your institution in our list of identity providers and looking at the Metadata entityID field. Note: it always starts with https://proxy.safire.ac.za/….
Wayfless URLs
You may also be asked to make use of a “Wayfless” URL. Different providers have different mechanisms for constructing these, so you will need to refer to the providers’s documentation. However, they will always involve a URL-encoded version of your entity ID — to get this, find your institution in our list of identity providers and then click on the Metadata entityID field to expand it. This will display other forms of the entity ID, including the Wayfless entityID for you to copy-and-paste.
Our colleagues at the UK Access Management Federation have also developed a very useful utility that can generate a Wayfless URL for you.
eduPersonScopedAffiliation
You may be asked for affiliation or scoped affiliation values. These are the values your institution sets for eduPersonScopedAffiliation and will be a value like member@example.ac.za. You may be able to figure out the correct ones by logging into our test service provider, but generally you should confirm them with your own identity provider administrator or IT support staff.
eduPersonScopedAffiliation uses a controlled vocabulary with member being the most permissive term. So member@example.ac.za is akin to saying “all staff, students, and affilates of example.ac.za”. If you are licensing resources to specific subsets of your community, you may want a more specific term. However, check with your IdP admin for what your institution supports!
eduPersonEntitlement
If you are asked for an entitlement value, you will most likely use urn:mace:dir:entitlement:common-lib-terms as described in the common-lib-terms specification and eduPersonEntitlement. However, note that SAFIRE does not release this by default so this will only work if we’ve explictly enabled it (which will be the case for ones marked as working that require this).
Attributes
SAFIRE’s default attribute release policy releases the attributes most commonly needed by library and information providers in support of pseudonymous access. We also release the correct attributes for any provider marked as working above. However, if a provider tells you they require more/other attributes, you will need to let us know (preferably with a reference to documentation).
Hints from other federations
Other federations have links to providers’ documentation that may prove useful to those trying to get this to work: