Authentication Options
We offer TCP/IP Authentication, SAML/Shibboleth Authentication, HAN Server Authentication and individual user authentication as described below.
TCP/IP Authentication
About TCP/IP Address Authentication
To support TCP/IP address range authentication, we use the IP address ranges that are assigned to your institution at The IP Registry. If you should ever need to adjust these, simply edit your information at the registry and our system will automatically receive the update. If your institution wishes to use TCP/IP Address Range Authentication, and you are not currently listed in the IP Registry, you may add your address ranges to this registry for free.
The PSI IP Registry
To use theIPregistry.org, follow these simple steps:
Register for free with theIPregistry.org
Confirm the IPs currently listed for your institution and affiliated sites.
Communicate IP changes by adding or deleting IP addresses as necessary.
If you are newly adding your institution to the registry, let Coherent Digital know at support@coherentdigital.net.
PSI is willing to help. If your organization has a PSI IpRegistry entry but you do not have a login to PSI, contact them at admin@theIPregistry.org and they will assist in updating your registry entry. If you have any questions about using theIPregistry.org please see their FAQs.
EZproxy Configuration
Coherent Digital maintains official database stanzas at the OCLC website for EZproxy.
Africa Commons Database Stanza
History Commons Database Stanza
Mindscape Commons Database Stanza
SAML/Shibboleth Authentication
About SAML (Shibboleth) Authentication
Coherent Digital supports both Federated SAML Authentication and ‘Bi-lateral’ metadata exchange.
Bi-lateral metadata exchange is used when the customer is not a member of a federation, or Coherent Digital is not a member of the same federation. This approach is also suitable for other SAML-based single-sign-on solutions like Microsoft Azure AD.
Currently Coherent Digital is a registered Service Provider at the following federations:
See our entry at the REFEDS metadata explorer for up-to-date details.
SAML Configuration
For SAML (Shibboleth) Authentication, please provide the following to support@coherentdigital.net:
Federated SAML/Shibboleth Configuration:
Your EntityID
Your Federation
For Bi-lateral Metadata Exchange, please provide:
The URL of your Identity Provider metadata (or the metadata in XML format)
Coherent Digital’s SAML Information:
EntityID: https://sp.coherentdigital.net/entity
Metadata URL: https://connect.liblynx.com/entity/sp/coherent
Required Attribute(s):
None. Any user who successfully authenticates at the configured Identity Provider is provided anonymous access to your subscribed databases.
WAYFless URLs
Once the SAML configuration is complete for your institution, a WAYFless URL may be used to log your users into a site without having to encounter a ‘Where-are-you-from’ page. WAYFless URLs are what you would use in your A-to-Z database menu for remote users. An example is provided here:
Example: Policy Commons
https://policycommons.net/start-session?entityID=your-entityID
Notes:
Replace ‘your-entityID’ in the above URL with a URL-encoded version of your institution’s SAML Identity Provider Entity ID
To place the user at a deep page, an optional &target= parameter may contain any valid (encoded) URL at the destination product. Without an &target=, the authenticated user will be placed at the destination site’s home page.
All Coherent Digital sites use the same WAYFless URL syntax. Replace policycommons.net with any other Coherent Digital site domain.
This WAYFless URL syntax is a Service-Provider-initiated WAYFless URL: the session starts at the Coherent Digital site and then redirects to your Identity Provider to log the user in if they don’t already have an active session. Your Identity Provider will also support a (different) WAYFless URL syntax that starts at the Identity Provider domain. This Identity-Provider-initiated WAYFless URL will indicate the database site you want the user to be sent to after logging in. Please contact your Identity Provider vendor for information about the WAYFless URL syntax they support. You would use either a Service-Provider-initiated or an Identity-Provider-initiated URL in your database menu.
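The notes above, as an added example (not Coherent Digital's own code): a small builder for Service-Provider-initiated WAYFless URLs that percent-encodes the entityID and the optional target, and refuses a target that is not on the destination site. The function name, the sample IdP entityID, the sample deep-link path, and the rule that a target must be an https URL on exactly the same host are assumptions of this example.

```python
from urllib.parse import quote, urlencode, urlsplit

START_PATH = "/start-session"  # path taken from the example URL on this page


def wayfless_url(site_domain, idp_entity_id, target=None):
    """Build an SP-initiated WAYFless URL for one Coherent Digital site.

    site_domain   -- e.g. "policycommons.net"
    idp_entity_id -- your Identity Provider's SAML entityID, unencoded
    target        -- optional deep link at the destination site, unencoded
    """
    if not idp_entity_id or idp_entity_id != idp_entity_id.strip():
        raise ValueError("entityID must be non-empty, without stray whitespace")

    params = [("entityID", idp_entity_id)]

    if target is not None:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        # Assumption of this example: a deep link is an absolute https URL
        # whose host is exactly the destination site. urlsplit().hostname
        # ignores any "user@" prefix, so look-alike URLs fail this check.
        if parts.scheme != "https" or host != site_domain.lower():
            raise ValueError(f"target must be an https URL at {site_domain}")
        params.append(("target", target))

    # safe="" makes quote() encode ':', '/', '?', '&' and '=' as well, so an
    # entityID or target that carries its own query string stays one value.
    query = urlencode(params, quote_via=quote, safe="")
    return f"https://{site_domain}{START_PATH}?{query}"


if __name__ == "__main__":
    # Constructed sample values, not a real institution's entityID.
    idp = "https://idp.example.edu/idp/shibboleth"
    print(wayfless_url("policycommons.net", idp))
    print(wayfless_url("policycommons.net", idp,
                       target="https://policycommons.net/search/?q=water&page=2"))
```

Pasting an unencoded entityID or target into the URL by hand is the usual cause of a broken menu link: an `&` inside the target would otherwise be read as the start of a new parameter.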
Registered User Authentication
Individual users may gain access to an institutional subscription by registering on the product site using an institutional email account. Users will follow the link to the login/sign-up form at the top of the product’s home page. After registration, the user will receive a confirmation message in their email inbox, and they must respond to it to complete the registration process.
To allow this type of authentication, Coherent Digital needs to configure the email domain(s) for your institution. If your email address domain matches the top-level domain of your institution, in many cases we will already have that configured into your account. If other domains need to be supported, please send an email to support@coherentdigital.net.
HAN Server Authentication
Coherent Digital supports authentication via HAN Server reverse proxies. Let support@coherentdigital.net know the domain name of your HAN server and we can configure that type of access for your institution.