Introduction
JustAthens is a service that provides single sign-on (SSO) access to various online resources, databases, and content for institutions such as universities, libraries, and research organizations. It simplifies the authentication process for users by allowing them to use their institution's credentials to access a wide range of subscribed resources without having to remember multiple usernames and passwords. We make it simple and easy for you to provide remote access to your resource or service from any location
What Is SSO?
Single Sign-On (SSO) for remote access refers to the use of SSO principles and technologies to provide users with seamless and secure access to resources, applications, and services located outside of their organization's internal network. In other words, SSO for remote access allows users to log in once and gain access to various remote resources without needing to authenticate separately for each resource.
Here's how SSO for remote access works:
User Authentication:
A user initiates the remote access process by logging in to their organization's internal network using their credentials.
SSO Initiation:
Once authenticated, the user wants to access a remote application or resource. Instead of providing separate credentials, the user is transparently authenticated using the initial login session.
Token-Based Access:
The internal network's authentication system generates a security token that represents the user's authenticated session.
Remote Resource Access:
This token is then passed to the remote resource (application, service, etc.) that the user is trying to access.
Token Validation:
The remote resource receives the token and validates it with the user's organization's authentication system (often an Identity Provider or IdP).
Access Granted:
If the token is valid and the user is authorized to access the remote resource, they are granted access without needing to provide additional credentials.
What is SAML ?
Security Assertion Markup Language (SAML) is a widely used protocol for implementing Single Sign-On (SSO) solutions. SAML enables secure authentication and authorization between different parties, typically an Identity Provider (IdP) and a Service Provider (SP), allowing users to access multiple applications and services with a single set of login credentials.
Here's how SAML works in the context of SSO:
User Access Request:
A user attempts to access a service or application provided by a Service Provider (SP).
SP Redirection:
The SP recognizes that the user is not authenticated and redirects the user to the Identity Provider (IdP) for authentication.
Authentication at IdP:
The user enters their credentials (username and password) at the IdP's authentication page.
SAML Request:
Once authenticated, the IdP generates a SAML assertion that includes information about the user's identity and attributes, as well as a digital signature to ensure the integrity of the assertion.
SAML Response:
The IdP sends the SAML assertion back to the SP as a response to the authentication request.
SP Verification:
The SP validates the digital signature on the SAML assertion to ensure its authenticity. It also checks whether the user's attributes and identity match the information it expects.
User Access Granted:
If the SAML assertion is valid and the user is authorized to access the SP's service, the user is granted access without needing to log in again.
Who can become a Service Provider ?
In the context of Just-Athens, a remote access and Single Sign-On (SSO) solution primarily designed for the academic and library community, Service Providers (SPs) are typically online resources that offer academic content and materials to users within institutions. Just-Athens facilitates secure access to these resources through SSO, ensuring that authorized users can seamlessly access a wide range of scholarly materials. Here are examples of entities that can become Service Providers in Just-Athens remote access:
Academic Publishers:
Publishers of scholarly journals, e-books, research databases, and academic content can be integrated as Service Providers.
Database Providers:
Academic databases that offer access to research articles, abstracts, and other academic materials can become Service Providers.
Library Catalogs:
Library catalogs and discovery systems that allow users to search and access physical and digital library resources.
Research Repositories:
Institutional and subject-specific repositories where researchers share their scholarly work can be integrated as Service Providers.
E-Learning Platforms:
Online learning platforms that offer courses, lectures, and educational resources for students and educators.
Digital Archives:
Digital archives and collections of historical documents, manuscripts, and cultural artifacts.
Academic Journals:
Academic journals and periodicals from various fields of study can be included as Service Providers.
Media Resources:
Digital libraries for audiovisual resources, such as streaming videos and multimedia content for educational purposes.
Specialized Libraries:
Specialized libraries, such as law libraries or medical libraries, can provide access to resources specific to their domain.
Research Tools:
Tools for data analysis, visualization, and research collaboration that support the academic community.
How to take advantage of it?
if an organization have a subscription in a service provider and want to use Just-Athens for Authentification:
-
Organization representative establishes communication with Just-Athens administrators or
support team via this link or the support email : info@just-open.com
or the organization inform their sp that they want to use Just-Athens. - Agreement or contract discussions take place, including terms of use, access rights, and any necessary legal arrangements.
- after the agreement accepted the person who contact our administrator or support teams will recive a credential to connect to our platfrom as an organization Administrator.
Becoming a Service Provider (SP) in Just-Athens involves a series of steps to ensure that academic publishers can securely provide their content to authorized users within institutions. Here's a simplified flow of how an Academic Publisher can become a Service Provider in Just-Athens:
Engagement and Communication:
Publisher's representative establishes communication with Just-Athens administrators or support team via this link or the support email : info@justech.tn
Agreement and Integration Preparation:
- Just-Athens administrators provide the Academic Publisher with information about the technical and operational requirements for becoming a Service Provider.
- Agreement or contract discussions take place, including terms of use, access rights, and any necessary legal arrangements.
Technical Integration:
- after the agreement accepted the person who contact our administrator or support teams will recive a credential to connect to our platfrom as an sp Administrator.
-
once the SP administartor connect to his Just-Athens Account he can create a new resource
and configure it with the necessary atribute.
- resource name
- resource Url
- Assertion Consumer service Url
- Issuer
- Audiance
- Logout Destination
-
needed Metadata and Claim that whant the sp recive them in the saml assertion
Matdata Attribute :
Attribute Type Description userId string user id OrganizationName string organization name of the user organizationIpAdress string ip adress of the organization Email string Email adress of user FirstName string user FirstName MiddleName string user MiddleName LastName string user LastName Upn string user profile name Role string user role DateOfBirth string user birthday date Country string user country Address string user address PostalCode string user postal code Phone string user phone number subscriptionExpirationDate string subcscription expiration date of the user organization - Download the X509 Certificate file and copy password
- Use The certificate file in the integration