JustAthens is a service that provides single sign-on (SSO) access to various online resources, databases, and content for institutions such as universities, libraries, and research organizations. It simplifies the authentication process for users by allowing them to use their institution's credentials to access a wide range of subscribed resources without having to remember multiple usernames and passwords. We make it simple and easy for you to provide remote access to your resource or service from any location.
Single Sign-On (SSO) for remote access refers to the use of SSO principles and technologies to provide users with seamless and secure access to resources, applications, and services located outside of their organization's internal network. In other words, SSO for remote access allows users to log in once and gain access to various remote resources without needing to authenticate separately for each resource.
Here's how SSO for remote access works:
A user initiates the remote access process by logging in to their organization's internal network using their credentials.
Once authenticated, the user wants to access a remote application or resource. Instead of providing separate credentials, the user is transparently authenticated using the initial login session.
The internal network's authentication system generates a security token that represents the user's authenticated session.
This token is then passed to the remote resource (application, service, etc.) that the user is trying to access.
The remote resource receives the token and validates it with the user's organization's authentication system (often an Identity Provider or IdP).
If the token is valid and the user is authorized to access the remote resource, they are granted access without needing to provide additional credentials.
Security Assertion Markup Language (SAML) is a widely used protocol for implementing Single Sign-On (SSO) solutions. SAML enables secure authentication and authorization between different parties, typically an Identity Provider (IdP) and a Service Provider (SP), allowing users to access multiple applications and services with a single set of login credentials.
Here's how SAML works in the context of SSO:
A user attempts to access a service or application provided by a Service Provider (SP).
The SP recognizes that the user is not authenticated and redirects the user to the Identity Provider (IdP) for authentication.
The user enters their credentials (username and password) at the IdP's authentication page.
Once authenticated, the IdP generates a SAML assertion that includes information about the user's identity and attributes, as well as a digital signature to ensure the integrity of the assertion.
The IdP sends the SAML assertion back to the SP as a response to the authentication request.
The SP validates the digital signature on the SAML assertion to ensure its authenticity. It also checks whether the user's attributes and identity match the information it expects.
If the SAML assertion is valid and the user is authorized to access the SP's service, the user is granted access without needing to log in again.
In the context of Just-Athens, a remote access and Single Sign-On (SSO) solution primarily designed for the academic and library community, Service Providers (SPs) are typically online resources that offer academic content and materials to users within institutions. Just-Athens facilitates secure access to these resources through SSO, ensuring that authorized users can seamlessly access a wide range of scholarly materials. Here are examples of entities that can become Service Providers in Just-Athens remote access:
Publishers of scholarly journals, e-books, research databases, and academic content can be integrated as Service Providers.
Academic databases that offer access to research articles, abstracts, and other academic materials can become Service Providers.
Library catalogs and discovery systems that allow users to search and access physical and digital library resources.
Institutional and subject-specific repositories where researchers share their scholarly work can be integrated as Service Providers.
Online learning platforms that offer courses, lectures, and educational resources for students and educators.
Digital archives and collections of historical documents, manuscripts, and cultural artifacts.
Academic journals and periodicals from various fields of study can be included as Service Providers.
Digital libraries for audiovisual resources, such as streaming videos and multimedia content for educational purposes.
Specialized libraries, such as law libraries or medical libraries, can provide access to resources specific to their domain.
Tools for data analysis, visualization, and research collaboration that support the academic community.
If an organization has a subscription with a service provider and wants to use Just-Athens for authentication:
Becoming a Service Provider (SP) in Just-Athens involves a series of steps to ensure that academic publishers can securely provide their content to authorized users within institutions. Here's a simplified flow of how an Academic Publisher can become a Service Provider in Just-Athens:
The publisher's representative establishes communication with the Just-Athens administrators or support team via this link or the support email: info@justech.tn
The required metadata and the claims that the SP wants to receive in the SAML assertion:
Attribute | Type | Description |
---|---|---|
userId | string | user id |
OrganizationName | string | organization name of the user |
organizationIpAdress | string | IP address of the organization |
| | string | Email address of user |
FirstName | string | user FirstName |
MiddleName | string | user MiddleName |
LastName | string | user LastName |
Upn | string | user profile name |
Role | string | user role |
DateOfBirth | string | user birthday date |
Country | string | user country |
Address | string | user address |
PostalCode | string | user postal code |
Phone | string | user phone number |
subscriptionExpirationDate | string | subscription expiration date of the user organization |
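
An added example, not Just-Athens code: the SP-side check of "attributes and identity" from the SAML flow above, applied to the claims in this table. It assumes a SAML library has already verified the assertion's signature, that timestamps are UTC and `subscriptionExpirationDate` is an ISO date; the audience URL, the required-claim list and all sample values are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import date, datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("userId", "OrganizationName", "Role", "subscriptionExpirationDate")  # assumed set

def attr(name, value):  # helper that builds the constructed sample below
    return (f'<saml:Attribute Name="{name}"><saml:AttributeValue>{value}'
            "</saml:AttributeValue></saml:Attribute>")

def sample(expires="2024-06-30", extra=""):
    """Constructed assertion (made-up values, signature element omitted)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Conditions NotBefore="2024-01-10T09:00:00Z" NotOnOrAfter="2024-01-10T09:05:00Z">'
        "<saml:AudienceRestriction><saml:Audience>https://sp.example.org/saml"
        "</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
        "<saml:AttributeStatement>" + attr("userId", "u-1001")
        + attr("OrganizationName", "Example University") + attr("Role", "student")
        + attr("subscriptionExpirationDate", expires) + extra
        + "</saml:AttributeStatement></saml:Assertion>")

def _ts(text):  # assumption: UTC timestamps without fractional seconds
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_assertion(xml_text, audience, now):
    """Return (claims, errors); call only after the signature has been verified."""
    root, errors, claims = ET.fromstring(xml_text), [], {}
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return claims, ["missing Conditions"]
    nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not (nb and noa and _ts(nb) <= now < _ts(noa)):
        errors.append("outside validity window")
    if audience not in [a.text for a in cond.findall(".//saml:Audience", NS)]:
        errors.append("audience mismatch")
    for node in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        name = node.get("Name")
        values = [v.text or "" for v in node.findall("saml:AttributeValue", NS)]
        if name in claims or len(values) != 1:
            errors.append(f"ambiguous claim {name}")  # duplicate or multi-valued
        claims[name] = values[0] if values else ""
    errors += [f"missing claim {n}" for n in REQUIRED if not claims.get(n)]
    try:  # assumption: the expiry string is an ISO date (YYYY-MM-DD)
        if date.fromisoformat(claims.get("subscriptionExpirationDate", "")) < now.date():
            errors.append("subscription expired")
    except ValueError:
        errors.append("unparseable subscriptionExpirationDate")
    return claims, errors
```

An SP would grant access only when the returned error list is empty, and would log the errors otherwise.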