[go: up one dir, main page]

Skip to main content

Single sign-on (SSO)

Give your patrons access to your content and services via SSO, also called “federated access”. Definition of single sign-on on Wikipedia. We support all SAML 2.0 identity providers but we do not support OpenID, OAuth, or other non-SAML 2.0 services.

Step 1: Set up in your identity provider


Most identity providers

Follow your identity provider’s usual process to set up Springer Nature Link and nature.com. See the “Service provider details” for the metadata you will need. If your institution is a member of a country federation such as those listed on the EduGain site you should automatically have our service provider metadata.

If you set up Springer Nature Link and nature.com separately in your identity provider, give each a unique organisation name to help your patrons choose the correct organisation on our WAYF pages, for example “Company, Inc. (Springer Nature Link)” and “Company, Inc. (nature.com)”. Separate set up is recommended for Okta and Microsoft Azure Active Directory / Entra.

Okta

Springer Nature Link: Setup info (on okta.com) nature.com: Setup info (on okta.com)

Microsoft Azure Active Directory / Entra

Separately for Springer Nature Link and nature.com, do the following:

  1. Access the Azure portal
  2. Go to Azure Active Directory > Enterprise Applications > New Application > Non-gallery Application
  3. Choose a name like “Company, Inc. (Springer Nature Link)” or “Company, Inc. (nature.com)” and click Add
  4. Go to Single sign-on > SAML
  5. In Basic SAML Configuration, enter metadata from “Service provider details”

Service provider details

Entity ID / Identifier Springer Nature Link: https://fsso.springer.com nature.com: https://secure.nature.com/shibboleth
Reply URL / Assertion consumer service URL Springer Nature Link: https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider nature.com: https://secure.nature.com/oa/auth/rcv/saml2/post
Start URL / Relay state Springer Nature Link: https://link.springer.com nature.com: https://www.nature.com
Sign-on URL Springer Nature Link: https://fsso.springer.com/saml/login?idp=[Your entity ID]&targetUrl=https%3A%2F%2Flink.springer.com nature.com: https://sp.nature.com/saml/login?idp=[Your entity ID]&targetUrl=https%3A%2F%2Fwww.nature.com
Your entity ID: E.g. https://mycompany.com/adfs/services/trust. Should be URL encoded. Microsoft Azure Active Directory / Entra: use the Azure AD Identifier which you will find in section 4 on the setup page. It will look something like https://sts.windows.net/se6d332d-1254-55df-9b01-aa99w321b111/

Step 2: Set up in our systems


Most Identity Providers

Send us your identity provider details.

OpenAthens

Send us your OpenAthens details.

Okta

Send us your Okta details.

Microsoft Azure Active Directory / Entra

Send us your Microsofft Azure Active Directory / Entra details.

Entity ID: use the Azure AD Identifier which you will find in section 4 on the setup page. It will look something like https://sts.windows.net/af2d669a-8754-49df-9b01-aa92d453b591/

Name of your organisation

The name we display on the WAYF page will be chosen as follows:
  1. If a custom organisation name has been chosen, we display that,
  2. else if a name is set in your IdP metadata, we display that,
  3. else our billing name for your organisation will be displayed

If you use a shared identity provider

Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing Springer Nature Link and nature.com the organisation using a third party are identified by an attribute sent in the SAML response, e.g. “eduPersonScopedAffiliation” in the case of most academic institutions. We will need to know the name and value of the attribute.

Optional: Set up WAYFless URLs


Benefits and workflow

Reduce obstacles for patrons and make sure that patrons use the SSO system, by bypassing our WAYF pages.

Create links with WAYFless URLs for your discovery system, catalogue, reading lists, etc. for linking to articles, books, search queries, etc. on nature.com and Springer Nature Link.

When patrons click the links, they will either be taken directly to the content if already logged in, or, they will be taken to your login page to authenticate and then be taken to the content.

Example of WAYFless URL

https://sp.nature.com/saml/login?idp=https%3A%2F%2Fmycompany.com%2Fadfs%2Fservices%2Ftrust&targetUrl=https%3A%2F%2Fwww.nature.com%2Fsearch%3Fq%3Dgraphene

WAYFless URL format

Springer Nature Link: https://fsso.springer.com/saml/login?idp=[Your entity ID]&targetUrl=[Target URL] nature.com: https://sp.nature.com/saml/login?idp=[Your entity ID]&targetUrl=[Target URL]

Note: The entity ID and target URL should be URL encoded.

Your entity ID E.g. https://mycompany.com/adfs/services/trust

Microsoft Azure Active Directory / Entra: use the Azure AD Identifier which you will find in section 4 on the setup page. It will look something like https://sts.windows.net/se6d332d-1254-55df-9b01-aa99w321b111/

Target URL The address of the article, journal, search query, etc. Must start with https://link.springer.com or https://www.nature.com. E.g. https://www.nature.com/articles/nature25447

Help


How do I know that we are set up?

Your institution will be findable on the nature.com WAYF page and on the Springer Nature Link WAYF page.

How do I know that I am logged in?

  1. Go to our identity debug page for Springer Nature Link or nature.com.
  2. Look for “samlProofs”. If the value is not null then a SAML response has been processed correctly, i.e. your Identity provider and our system are both configured correctly.
  3. Look for “samlCredentials”. If the list of BPIDs is not empty, your entity ID (or entity ID + attributes) has been matched to one or more Springer Nature customer accounts (“business partners”). Any content licensed by that “business partner” can be accessed .

Contact us

If you need assistance, contact customer service.

We support all SAML 2.0 identity providers

  • Shibboleth
  • OpenAthens
  • Microsoft Active Directory Federation Service (ADFS) / Azure / Entra
  • GSuite
  • Ping Identity
  • Okta
  • OneLogin
  • SailPoint
  • and any other SAML 2.0 based identity provider

We do not support OpenID, OAuth, or other non-SAML 2.0 services.

Glossary

Identity provider (IdP)

Your institutional authentication system.

Service provider (SP)

The Springer Nature Link or nature.com service.

Entity ID / Identifier

A URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata xml file.

Reply URL / Assertion consumer service URL

An endpoint on the service provider that the identity provider will redirect to with its authentication response.

Start URL / Relay state

The relay state is used by the IdP to signal to the SP what URL the SP should redirect to after successful sign on.

Sign-on URL

URL to the service provider’s sign-on page for the institution.

Where-are-you-from page (WAYF page)

Also know as the “discovery page” it presents the user a list of identity providers. It is a page where the user identifies which organisation they belong to. Examples: the Springer Nature Link WAYF page, the nature.com WAYF page.

WAYFless URL

A link to a URL on the Springer Nature Link or nature.com sites which allows the user to avoid navigating via the WAYF page.