Single Sign-On (SSO) access to Springer Link
- Set up SSO for academic institutions
- Set up SSO for companies
- Springer Service Provider Details
- WAYFless URLs
- Attribute Mappings
- Set up SSO using GSuite
- Set up SSO using Microsoft Active Directory
- Set up SSO using Okta
Set up SSO for academic institutions
If you have an entityID and/or an Athens Code, please contact Online Services with those details. When this information has been added you will find your institution name listed in the appropriate drop down menu on our Federated Access login page.
If your institution is a member of a country federation such as those listed on the EduGain site then your Identity Provider (IdP) metadata should automatically be imported into our system. Also, you should automatically have the SpringerLink Service Provider metadata
Set up SSO for companies
If your company has a authentication system which uses the SAML protocol then you can enable off-site access to SpringerLink. SpringerLink supports all SAML based federated authentication systems including:
- Microsoft Active Directory Federation Service(ADFS)/Azure
- Ping Identity
In order to setup SSO access to SpringerLink follow these steps
- Import the 'SpringerLink' metadata into your Identity Provider
- Send your Identity Provider's metadata URL (recommended) or metadata XML file to Online Services specifying the entityID and ask them to link it to your account with SpringerLink
Springer Service Provider Details
- ACS URL/Reply Url: https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
- Entity ID/Identifier: https://fsso.springer.com
- Start URL: https://link.springer.com
- Sign-on url: https://link.springer.com/athens-shibboleth-login?previousUrl=https%3A%2F%2Flink.springer.com%2F
- Metadata for SpringerLink https://fsso.springer.com/saml/metadata
To avoid having to use the 'Where Are You From' (WAYF) page it is possible to link directly to articles on the SpringerLink site. If the user is already logged in they will be taken directly to the article, otherwise they will be taken directly to your login page and then onto the article after logging in. These links are created using the following format
- entityID : The entity ID of your organisation e.g. https://mycompany.com/adfs/services/trust
- article link : The encoded link to the article, journal or search e.g.
- Article: https://link.springer.com/article/10.1007/s12288-015-0534-1
- Journal: https://link.springer.com/journal/10765
- Search: https://link.springer.com/search?query=graphene
- Faceted Search: https://link.springer.com/search?query=graphene&facet-content-type="Journal"
Note: The entityID and article link should be encoded otherwise the link may not work. An example WAYFless URL would look like this
Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing SpringerLink using federated authentication the organisation using a third party are identified by an attribute sent in the SAML response e.g. the 'eduPersonScopedAffiliation' in the case of most academic institutions. If this is the case for your organisation, you should send the name of the attribute, its value and the entityId of the Identity Provider to Online Services.
Set up SSO using GSuite
Setup of SpringerLink federated access on GSuite can be seen in the video here
Set up SSO using Microsoft Active Directory Federation Service(ADFS)
To configure the SAML SSO access the Azure portal (https://portal.azure.com/) then goto : Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery Application
Use the following values for the configuration:
- Identifier (Entity ID) : https://fsso.springer.com
- Reply URL (Assertion Consumer Service URL) : https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
- Sign on URL : https://fsso.springer.com/saml/login?idp=[entityID]&targetUrl=https://link.springer.com
- Relay State : https://link.springer.com
The Microsoft document detailing how to setup access to SpringerLink can be found here https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/springerlink-tutorial
Set up SSO using Okta
As SpringerLink has a registered Okta app, it is literally just a few clicks to set it up.
For the required steps please follow the Okta documentationhttps://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Springer-Link.html
- Identity Provider (IdP) : Your institutional authentication system
- Entity ID : a URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata xml file
- Service Provider (SP) : The SpringerLink service
- Where Are You From page (WAYF) : Also know as the 'discovery page' it presents the user a list of Identity Providers. It is a page where the user identifies which organisational Identity Provider they belong to. This is the SpringerLink WAYF Page
- WAYFless URL : A link to a url on the SpringerLink site which allows the user to avoid navigating via the WAYF page
How do I know if I am logged in?
If you have successfully authenticated you should see your organisation name and the corresponding Springer 'Business Partner ID' (BPID)) at the bottom of the page
What if I get an 'Access Denied' page?
If you get 'Access Denied' page it means that you have been successfully authenticated, but your authentication credentials have not been matched to a Springer business partner id. This usually means that your credentials such as entityID, Athens Code or attribute mapping may be incorrect or missing. In this case contact Online Services to verify that everything is correct