OVERVIEW
OpenAthens is fundamentally a replacement for the GALILEO proxy servers, but with many added benefits. It will enable end users to sign in once to any resource from within Primo, EDS, Brightspace, etc., and move from resource to resource without re-entering their credentials. GALILEO has entered into a five-year agreement with EBSCO Information Services (EBSCO) and OpenAthens, and is currently in the early stages of deploying to several pilot institutions. Please read on for further details.
Click here for the USG CIO OpenAthens PowerPoint presentation from May 21st, 2018
For webinar and training opportunities, click here.
Recordings of past webinars can be found here.
•UK based non-profit, provides authentication services to libraries and library consortia worldwide (NHS, US DoD)
•Partners with EBSCO to provide services to libraries in the US
•SAML based Single Sign On authentication
•Currently, 400 instances of proxy server software to manage off-site authentication to GALILEO resources
•IP authentication on campus: not ideal
•GALILEO plans to replace current authentication systems with OpenAthens
•Users will login with a known ID and password
GALILEO Staff and Developers
•No more managing passwords!
•Hosted service, no proxy servers
•Improved data security
•Develop better services
•Better stats
GALILEO Users and Librarians
•No more learning a new password quarterly!
•Easy to remember login creds.
•Customized services possible
•Some local control of access (GLRI)
•School specific stats, assess ROI
•OpenAthens User experience visit: Occurred April 23-27 2018.
•Implementation plan/timeline is being developed
•OpenAthens staff is currently coordinating with IdP managers
•IdP managers and OpenAthens/EBSCO staff will coordinate connection
•IdP will need to pass to OpenAthens (ideally):
  •Student/staff name, unique identifier, school name, status
•OpenAthens staff/EBSCO will reach out to vendors to begin auth setup
•We will identify an institution from each GALILEO consortia to test
•Student logs into GALILEO via OpenAthens
•IdP passes info to OpenAthens (yes/no)
•Once authenticated, a cookie is set and access granted
•If student fails to log out, cookie lasts 8 hours
Pilot phase - test with several institutions.
Then a phased implementation; USG schools will likely be the first to go live, as a cohort
A more detailed timeline is expected around mid-May
Training and documentation for local e-resources and IT managers on managing local resources will be forthcoming
We are VERY early on with this process
This is not the same scale as the Alma implementation, though not “simple”
Prepare a list of your local resources
Guidelines for resource lists:
If all of your local electronic resources are listed and up to date in GLRI (GALILEO Local Resource Integration), you may not need to generate a list, as the OpenAthens team can easily pull a list from there.
If your GLRI information is not up to date, please prepare a list of your locally purchased library resources in an Excel spreadsheet with the following fields: Vendor / Database Name / Local URL (if applicable) / Remote URL (if applicable). It is fine to include GALILEO cost share resources as well.
--In either case, be sure to include/cover any subscriptions to oddities, single title publications, etc. that require proxied/login for offsite access.
Communicate with your local IT staff (for identity provider connections—TCSG, K12, and Public Libraries can hold on this for now)
--Below, you will find sample questionnaires for collecting the information OpenAthens will need from your local IT staff to establish the connection to OpenAthens. Note: One sample is filled out for an ADFS connection, the other for a SAML connection. Your local IT staff responsible for managing your Active Directory will know what to do:
Sample questionnaire (ADFS connection):
Connection type (ADFS, SAML, CAS): ADFS
Metadata URL or file: https://sts.example.com/FederationMetadata/2007-06/FederationMetadata.xml
Display Name: oa_displayName
Unique attribute for each user: sAMAccountName
Other attributes to be passed: oa_email, oa_department
Test credentials (if possible): Xyz/123456

Sample questionnaire (SAML connection):
Connection type (ADFS, SAML, CAS): SAML
Metadata URL or file: https://idp.example.com/idp/shibboleth
Display Name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
Unique attribute for each user: urn:oid:2.16.840.1.113730.3.1.3
Other attributes to be passed: urn:oid:2.5.4.42, urn:oid:2.16.840.1.113730.3.1.3
Test credentials (if possible): Xyz/123456
If we can help to facilitate these conversations, please let me know.
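An added example (not part of the original page and not OpenAthens tooling): a check an IdP manager could run on a test login to confirm that the attributes actually released match the SAML sample questionnaire above, flagging both missing attributes and ones released without being agreed. The AttributeStatement, its values, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Attribute names copied from the SAML sample questionnaire above.
QUESTIONNAIRE = {
    "display_name": "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",  # eduPersonPrincipalName
    "unique_id": "urn:oid:2.16.840.1.113730.3.1.3",      # employeeNumber
    "other": ["urn:oid:2.5.4.42", "urn:oid:2.16.840.1.113730.3.1.3"],  # givenName, employeeNumber
}

# Constructed sample: AttributeStatement from a test login; all values are made up.
SAMPLE_STATEMENT = f"""
<saml:AttributeStatement xmlns:saml="{NS}">
  <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6">
    <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.3">
    <saml:AttributeValue>900123456</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3">
    <saml:AttributeValue>jdoe@example.edu</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def released_attributes(xml_text):
    """Map each released attribute Name to its list of non-empty values."""
    root = ET.fromstring(xml_text.strip())
    released = {}
    for attr in root.iter(f"{{{NS}}}Attribute"):
        values = [v.text.strip() for v in attr.findall(f"{{{NS}}}AttributeValue")
                  if v.text and v.text.strip()]
        released.setdefault(attr.get("Name"), []).extend(values)
    return released

def check_release(questionnaire, released):
    """Compare what the IdP released with what the questionnaire listed."""
    expected = {questionnaire["display_name"], questionnaire["unique_id"],
                *questionnaire["other"]}
    return {
        "missing": sorted(n for n in expected if not released.get(n)),
        "unexpected": sorted(set(released) - expected),  # released but not listed
        "unique_id_single_valued":
            len(released.get(questionnaire["unique_id"], [])) == 1,
    }

if __name__ == "__main__":
    print(check_release(QUESTIONNAIRE, released_attributes(SAMPLE_STATEMENT)))
```

In the constructed statement the IdP omits givenName and releases mail (urn:oid:0.9.2342.19200300.100.1.3), which the questionnaire never listed, so both show up in the report.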
Consider groups within OpenAthens
--If there are unique ways access to electronic resources is managed locally for visitors, alumni, or other groups, please be prepared to discuss those groupings at your online meeting with OpenAthens. You may always add your own groups later.