
SAML/Shibboleth authentication

About SAML (Shibboleth) authentication

Coherent Digital supports both federated SAML authentication and bi-lateral metadata exchange.

Bi-lateral metadata exchange is used when the customer is not a member of a federation, or Coherent Digital is not a member of the same federation. This approach is also suitable for other SAML-based single sign-on solutions such as Microsoft and Azure AD.

Currently Coherent Digital is a registered Service Provider at the following federations:

SAML configuration

For SAML (Shibboleth) authentication, please provide the following to support@coherentdigital.net:

Federated SAML/Shibboleth configuration:

  • Your Entity ID

  • Your Federation

For bi-lateral metadata exchange, please provide:

  • The URL of your Identity Provider metadata (or the metadata in XML format)

Coherent Digital’s SAML information:

  • Entity ID: https://sp.coherentdigital.net/entity

  • Metadata URL: https://connect.liblynx.com/entity/sp/coherent

  • Required Attribute(s): None. Any user who successfully authenticates at the configured Identity Provider is provided anonymous access to your subscribed databases.

WAYFless URLs

Once the SAML configuration is complete for your institution, a WAYFless URL may be used to log your users into a site without having to encounter a "Where Are You From" page. WAYFless URLs are what you would use in your A-to-Z database menu for remote users. An example is provided here:

Example: Policy Commons

https://policycommons.net/start-session?entityID=your-entityID

Notes:

  • Replace "your-entityID" in the above URL with a URL-encoded version of your institution’s SAML Identity Provider Entity ID.

  • To place the user at a deep page, an optional &target= parameter may contain any valid (encoded) URL at the destination product. Without a &target= parameter, the authenticated user will be placed at the destination site’s home page.

  • All Coherent Digital sites use the same WAYFless URL syntax. Replace policycommons.net with any other Coherent Digital site domain.

  • This WAYFless URL syntax is considered a Service-Provider-initiated WAYFless URL, because the session starts at the Coherent Digital site and then redirects to your Identity Provider to log the user in if they don’t already have an active session. Your Identity Provider will also support a (different) WAYFless URL syntax that starts at the Identity Provider domain. This Identity-Provider-initiated WAYFless URL will indicate the database site you want the user to be sent to after logging in. Please contact your Identity Provider vendor for information about the WAYFless URL syntax they support. You would use either a Service-Provider-initiated or an Identity-Provider-initiated URL in your database menu.
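
As an added example (not Coherent Digital's own code), the Python below builds the Service-Provider-initiated WAYFless URL described in the notes above, URL-encoding the entity ID and the optional target and refusing a target on any host other than the destination site. The IdP entity ID, the deep-link path, the function names and the https requirement on the target are assumptions of this example.

```python
from urllib.parse import parse_qs, urlencode, urlsplit


def build_wayfless_url(site_domain, idp_entity_id, target=None):
    """Build an SP-initiated WAYFless URL in the syntax shown above."""
    if not idp_entity_id:
        raise ValueError("the IdP entity ID is required")
    params = {"entityID": idp_entity_id}
    if target is not None:
        parts = urlsplit(target)
        # The deep link must be a URL at the destination product, so reject
        # any target on another host. Requiring https is this example's
        # assumption, not something the page states.
        if parts.scheme != "https" or parts.hostname != site_domain.lower():
            raise ValueError(f"target must be an https URL on {site_domain}")
        params["target"] = target
    # urlencode() percent-encodes ':', '/', '?', '&' and '=' inside each value,
    # so a nested URL stays one parameter instead of leaking its own query.
    return f"https://{site_domain}/start-session?{urlencode(params)}"


def read_wayfless_url(url):
    """Decode a WAYFless URL back into (site, entityID, target) for review."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    if parts.path != "/start-session" or "entityID" not in query:
        raise ValueError("not a WAYFless URL in the documented syntax")
    target = query.get("target", [None])[0]
    return parts.hostname, query["entityID"][0], target


# Constructed sample values: a made-up IdP entity ID and deep-link path.
SAMPLE_IDP = "https://idp.example.edu/idp/shibboleth"
SAMPLE_TARGET = "https://policycommons.net/search?q=water&page=2"

if __name__ == "__main__":
    home = build_wayfless_url("policycommons.net", SAMPLE_IDP)
    deep = build_wayfless_url("policycommons.net", SAMPLE_IDP, SAMPLE_TARGET)
    print(home)
    print(deep)
    print(read_wayfless_url(deep))
```

Running read_wayfless_url over the links already in a database menu shows which Identity Provider and landing page each one actually encodes.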
