Introduction

JustAthens is a service that provides single sign-on (SSO) access to various online resources, databases, and content for institutions such as universities, libraries, and research organizations. It simplifies the authentication process for users by allowing them to use their institution's credentials to access a wide range of subscribed resources without having to remember multiple usernames and passwords. We make it simple and easy for you to provide remote access to your resource or service from any location.

What Is SSO?

Single Sign-On (SSO) for remote access refers to the use of SSO principles and technologies to provide users with seamless and secure access to resources, applications, and services located outside of their organization's internal network. In other words, SSO for remote access allows users to log in once and gain access to various remote resources without needing to authenticate separately for each resource.
Here's how SSO for remote access works:

User Authentication:

A user initiates the remote access process by logging in to their organization's internal network using their credentials.

SSO Initiation:

Once authenticated, the user wants to access a remote application or resource. Instead of providing separate credentials, the user is transparently authenticated using the initial login session.

Token-Based Access:

The internal network's authentication system generates a security token that represents the user's authenticated session.

Remote Resource Access:

This token is then passed to the remote resource (application, service, etc.) that the user is trying to access.

Token Validation:

The remote resource receives the token and validates it with the user's organization's authentication system (often an Identity Provider or IdP).

Access Granted:

If the token is valid and the user is authorized to access the remote resource, they are granted access without needing to provide additional credentials.

What Is SAML?

Security Assertion Markup Language (SAML) is a widely used protocol for implementing Single Sign-On (SSO) solutions. SAML enables secure authentication and authorization between different parties, typically an Identity Provider (IdP) and a Service Provider (SP), allowing users to access multiple applications and services with a single set of login credentials.
Here's how SAML works in the context of SSO:

User Access Request:

A user attempts to access a service or application provided by a Service Provider (SP).

SP Redirection:

The SP recognizes that the user is not authenticated and redirects the user to the Identity Provider (IdP) for authentication.

Authentication at IdP:

The user enters their credentials (username and password) at the IdP's authentication page.

SAML Request:

Once authenticated, the IdP generates a SAML assertion that includes information about the user's identity and attributes, as well as a digital signature to ensure the integrity of the assertion.

SAML Response:

The IdP sends the SAML assertion back to the SP as a response to the authentication request.

SP Verification:

The SP validates the digital signature on the SAML assertion to ensure its authenticity. It also checks whether the user's attributes and identity match the information it expects.

User Access Granted:

If the SAML assertion is valid and the user is authorized to access the SP's service, the user is granted access without needing to log in again.

***The IdP is Just-Athens.***

Who Can Become a Service Provider?

In the context of Just-Athens, a remote access and Single Sign-On (SSO) solution primarily designed for the academic and library community, Service Providers (SPs) are typically online resources that offer academic content and materials to users within institutions. Just-Athens facilitates secure access to these resources through SSO, ensuring that authorized users can seamlessly access a wide range of scholarly materials. Here are examples of entities that can become Service Providers in Just-Athens remote access:

Academic Publishers:

Publishers of scholarly journals, e-books, research databases, and academic content can be integrated as Service Providers.

Database Providers:

Academic databases that offer access to research articles, abstracts, and other academic materials can become Service Providers.

Library Catalogs:

Library catalogs and discovery systems that allow users to search and access physical and digital library resources.

Research Repositories:

Institutional and subject-specific repositories where researchers share their scholarly work can be integrated as Service Providers.

E-Learning Platforms:

Online learning platforms that offer courses, lectures, and educational resources for students and educators.

Digital Archives:

Digital archives and collections of historical documents, manuscripts, and cultural artifacts.

Academic Journals:

Academic journals and periodicals from various fields of study can be included as Service Providers.

Media Resources:

Digital libraries for audiovisual resources, such as streaming videos and multimedia content for educational purposes.

Specialized Libraries:

Specialized libraries, such as law libraries or medical libraries, can provide access to resources specific to their domain.

Research Tools:

Tools for data analysis, visualization, and research collaboration that support the academic community.

How to take advantage of it?

If an organization has a subscription with a service provider and wants to use Just-Athens for authentication:

  • The organization's representative contacts the Just-Athens administrators or support team via this link or the support email: info@just-open.com,
    or the organization informs its SP that it wants to use Just-Athens.
  • Agreement or contract discussions take place, including terms of use, access rights, and any necessary legal arrangements.
  • After the agreement is accepted, the person who contacted our administrators or support team will receive a credential to connect to our platform as an organization administrator.

Becoming a Service Provider (SP) in Just-Athens involves a series of steps to ensure that academic publishers can securely provide their content to authorized users within institutions. Here's a simplified flow of how an Academic Publisher can become a Service Provider in Just-Athens:

Engagement and Communication:

The publisher's representative contacts the Just-Athens administrators or support team via this link or the support email: info@justech.tn

Agreement and Integration Preparation:

  • Just-Athens administrators provide the Academic Publisher with information about the technical and operational requirements for becoming a Service Provider.
  • Agreement or contract discussions take place, including terms of use, access rights, and any necessary legal arrangements.

Technical Integration:

  • After the agreement is accepted, the person who contacted our administrators or support team will receive a credential to connect to our platform as an SP administrator.
  • Once the SP administrator connects to their Just-Athens account, they can create a new resource and configure it with the necessary attributes:
    • Resource name
    • Resource URL
    • Assertion Consumer Service URL
    • Issuer
    • Audience
    • Logout Destination
    • The metadata and claims that the SP wants to receive in the SAML assertion

      Metadata attributes:

      | Attribute | Type | Description |
      |---|---|---|
      | userId | string | User ID |
      | OrganizationName | string | Organization name of the user |
      | organizationIpAdress | string | IP address of the organization |
      | Email | string | Email address of the user |
      | FirstName | string | User's first name |
      | MiddleName | string | User's middle name |
      | LastName | string | User's last name |
      | Upn | string | User profile name |
      | Role | string | User role |
      | DateOfBirth | string | User's date of birth |
      | Country | string | User's country |
      | Address | string | User's address |
      | PostalCode | string | User's postal code |
      | Phone | string | User's phone number |
      | subscriptionExpirationDate | string | Subscription expiration date of the user's organization |
    • Download the X.509 certificate file and copy the password
    • Use the certificate file in the integration
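
The "SP Verification" step and the resource fields configured above (Issuer, Audience, Assertion Consumer Service URL, requested claims) meet in the checks an SP runs on each assertion once a SAML library has verified its XML signature against the downloaded certificate. The following is an added example, not Just-Athens code; the URLs, the sample assertion and the `check_assertion` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Hypothetical values, as an SP administrator would enter them in the resource form.
SP_CONFIG = {"issuer": "https://idp.example.org/just-athens",
             "audience": "https://sp.example.org/saml", "acs_url": "https://sp.example.org/saml/acs"}
# Constructed sample assertion (not captured from Just-Athens); signature element omitted.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.org/just-athens</saml:Issuer>
  <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.org/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2030-01-01T09:59:00Z" NotOnOrAfter="2030-01-01T10:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.org/saml</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="userId"><saml:AttributeValue>u-1001</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="Role"><saml:AttributeValue>student</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)  # other formats fail closed

def check_assertion(xml_text, cfg, now, required=("userId",)):
    """Return (attributes, errors). Pass only the assertion whose signature was already verified."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return {}, ["DTD/entity declarations are not allowed"]
    root = ET.fromstring(xml_text)
    errors = []
    if root.findtext("saml:Issuer", "", NS).strip() != cfg["issuer"]:
        errors.append("unexpected Issuer")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if cfg["audience"] not in audiences:
        errors.append("Audience does not name this SP")
    try:
        cond = root.find("saml:Conditions", NS)
        in_window = _ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))
    except (AttributeError, TypeError, ValueError):
        in_window = False  # missing or malformed Conditions is treated as invalid
    if not in_window:
        errors.append("outside validity window")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != cfg["acs_url"]:
        errors.append("Recipient is not our ACS URL")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS)
             for a in root.iterfind(".//saml:Attribute", NS)}
    errors += [f"missing attribute {n}" for n in required if not attrs.get(n)]
    return attrs, errors
```

An empty error list means the assertion was issued by the configured IdP, for this SP, for this ACS URL, and is still within its validity window; any entry in the list should end the login attempt.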