There is considerable interest in leveraging SAFIRE and eduGAIN to integrate with the various library information providers, such as academic content, journal, and database publishers. Information providers variously term this “Shibboleth”, “SAML” or “Institutional” logins, and in most cases are already integrated with other federations around the world.
The following documents the integration status of various providers in SAFIRE.
Association for Computing Machinery (ACM)
American Chemical Society
Intembeko ORCID Hub (TENET)
JoVE (Journal of Visualized Experiments)
LexisNexus South Africa
Nature.com / SpringerNature
Oxford University Press
ProQuest (Dissertations & Theses Global)
Radiological Society of North America
Royal Society of Chemistry
Sabinet African journals
Taylor & Francis Online
Web of Science / Web of Knowledge (Clarivate Analytics)
Westlaw UK (Thomson Reuters)
If there’s something missing from the above, the information is out of date (or you know something we don’t), or you’d simply like to help us unlock one of the other information providers, please contact us! Our experience is it takes one or two interested libraries to help make the first connection, and then the entire community benefits from improved access.
Systems librarians interested in such integrations might also want to consider subscribing to the safire-libs@lists mailing list.
Values needed by information providers
Publishers and information providers may ask you for a copy of your institution’s SAML/XML metadata, or for a URL where this can be downloaded from. Metadata is needed for a one-to-one (bi-lateral) setup and the provider may assume that this is what you’re trying to do. However, it should not needed for federated login — if they participate in federation, the provider should already have your metadata which they’ve learnt via eduGAIN and from another federation.
Reinforce that you’re trying to set up a federated SAML authentication and ask them to check and see if they’ve learnt metadata for your entity ID (see below) from eduGAIN. You might be able to see the provider listed on met.refeds.org which would confirm this is the case. (It might also be useful to know that majority of the publishers and information providers listed here are registered via the UK Access Management Federation, and that SAFIRE learns metadata from them via eduGAIN.)
If you can’t get beyond this step, please contact us and put us in touch with them.
You will usually be asked for an entity ID or IdP identity. Entity IDs are globally unique persistent identifiers (think of them as like an ORCID iD or DOI for a specific service- or identity-provider). Yours uniquely identifies your institution’s identity provider to the service.
If the provider is accessing your identity provider via eduGAIN, the value they will need is your institution’s proxied entity ID. You can get this by finding on your institution in our list of identity providers and looking at the
Metadata entityID field. Note: it always starts with
You may also be asked to make use of a “Wayfless” URL. Different providers have different mechanisms for constructing these, so you will need to refer to the providers’s documentation. However, they will always involve a URL-encoded version of your entity ID — to get this, find your institution in our list of identity providers and then click on the
Metadata entityID field to expand it. This will display other forms of the entity ID, including the
Wayfless entityID for you to copy-and-paste.
You may be asked for affiliation or scoped affiliation values. These are the values your institution sets for eduPersonScopedAffiliation and will be a value like
email@example.com. You may be able to figure out the correct ones by logging into our test service provider, but generally you should confirm them with your own identity provider administrator or IT support staff.
eduPersonScopedAffiliation uses a controlled vocabulary with
member being the most permissive term. So
firstname.lastname@example.org is akin to saying “all staff, students, and affilates of example.ac.za”. If you are licensing resources to specific subsets of your community, you may want a more specific term. However, check with your IdP admin for what your institution supports!
If you are asked for an entitlement value, you will most likely use
urn:mace:dir:entitlement:common-lib-terms as described in the common-lib-terms specification and eduPersonEntitlement. However, note that SAFIRE does not release this by default so this will only work if we’ve explictly enabled it (which will be the case for ones marked as working that require this).
SAFIRE’s default attribute release policy releases the attributes most commonly needed by library and information providers in support of pseudonymous access. We also release the correct attributes for any provider marked as working above. However, if a provider tells you they require more/other attributes, you will need to let us know (preferably with a reference to documentation).
Hints from other federations
Other federations have links to providers’ documentation that may prove useful to those trying to get this to work: