This article provides general information about the Center for Open Science’s Shibboleth-based Single Sign-On (SSO) integration for organizations that have signed the OSF for Institutions Offer of Services letter.
What is Single Sign-On?
In general, Single Sign-On (SSO) allows users authenticated with one trusted system (e.g., a university network) to also authenticate with another trusted network (e.g., the Open Science Framework service) using those same “home” credentials. For the second authentication, users are not asked to log in again; instead, the authenticated credentials are shared between systems.
Who can use Single Sign-On with Open Science Framework?
Any organization that has implemented a Shibboleth Identity Provider and signed the OSF for Institutions Offer for Services can offer SSO to OSF accounts.
A few notes:
- Current OSF users who have already set up accounts with a different login will be able to retain those credentials and choose to log in with personal or institutional credentials.
- Users who authenticate to the OSF service using SSO cannot use the “Forgot Password” link on the OSF website to recover their credentials, as their user credentials are specific to and managed by their organization.
COS offers a Shibboleth-based Service Provider (SP). The following attributes must be released by the IdP in order for COS to provide services (all attributes are required):
- persistent-id - this is a unique identifier for the user (such as eppn)
- mail - the user’s email address (e.g. email@example.com)
- displayName - the full name of the user (e.g. John Smith)
To implement and test SSO for your institution:
1. Ensure that your IT administrators have the COS SP metadata:
2. Ensure that your IT administrators are releasing the three required attributes listed above.
3. Inform COS of the user you would like to test with; your COS contact will ensure your account is ready to go and will send you a link to test the SSO configuration setup for your institution.
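Before the test in step 3, an IdP administrator can confirm that a decoded test assertion actually carries all three required attributes with non-empty values. The following is an added example, not COS code. The wire names in `WIRE_NAMES` and the treatment of a persistent NameID as a valid unique identifier are assumptions to confirm with your COS contact, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# ASSUMPTION: wire names (Name or FriendlyName) accepted for each attribute the
# article requires; adjust to whatever your COS contact confirms.
WIRE_NAMES = {
    "persistent-id": {"eduPersonPrincipalName", "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
                      "eduPersonTargetedID", "urn:oid:1.3.6.1.4.1.5923.1.1.1.10"},
    "mail": {"mail", "urn:oid:0.9.2342.19200300.100.1.3"},
    "displayName": {"displayName", "urn:oid:2.16.840.1.113730.3.1.241"},
}

# Constructed sample: mail and eppn are released, displayName is sent empty.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml2:AttributeStatement>
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3" FriendlyName="mail">
   <saml2:AttributeValue>email@example.com</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName">
   <saml2:AttributeValue>jsmith@example.edu</saml2:AttributeValue></saml2:Attribute>
  <saml2:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241" FriendlyName="displayName">
   <saml2:AttributeValue> </saml2:AttributeValue></saml2:Attribute>
 </saml2:AttributeStatement>
</saml2:Assertion>"""

def released_attributes(assertion_xml):
    """Map each required attribute to the non-empty values found for it."""
    root = ET.fromstring(assertion_xml)  # diagnostic only: no signature validation
    found = {name: [] for name in WIRE_NAMES}
    for attr in root.iter(NS + "Attribute"):
        labels = {attr.get("Name"), attr.get("FriendlyName")}
        values = [v.text.strip() for v in attr.iter(NS + "AttributeValue")
                  if v.text and v.text.strip()]
        for name, wire in WIRE_NAMES.items():
            if labels & wire:
                found[name].extend(values)
    # A persistent NameID (subject or nested in eduPersonTargetedID) also counts.
    for nid in root.iter(NS + "NameID"):
        if nid.get("Format") == PERSISTENT and nid.text and nid.text.strip():
            found["persistent-id"].append(nid.text.strip())
    return found

def missing_attributes(assertion_xml):
    """Required attributes that are absent or empty in the assertion."""
    return sorted(n for n, v in released_attributes(assertion_xml).items() if not v)

if __name__ == "__main__":
    print("missing:", missing_attributes(SAMPLE))
```

An attribute that is released but empty is reported as missing, which catches the case where the filter policy permits release but the directory record has no value.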