Single Sign-On (SSO) access to Springer Link

FAQs

Set up SSO for academic institutions


If you have an entityID and/or an Athens Code, please contact Online Services with those details. When this information has been added you will find your institution name listed in the appropriate drop down menu on our Federated Access login page. The name displayed on this list is the one found in the institution's metadata directly provided to us or specified in a country federation.

If your institution is a member of a country federation such as those listed on the EduGain site then your Identity Provider (IdP) metadata should automatically be imported into our system. Also, you should automatically have the SpringerLink Service Provider metadata.

Set up SSO for companies


If your company has a authentication system which uses the SAML protocol then you can enable off-site access to SpringerLink. SpringerLink supports all SAML based federated authentication systems including:

  • Microsoft Active Directory Federation Service(ADFS)/Azure
  • GSuite
  • Shibboleth
  • OpenAthens
  • Ping Identity
  • Okta
  • OneLogin
  • SailPoint

In order to setup SSO access to SpringerLink follow these steps

  1. Import the 'SpringerLink' metadata into your Identity Provider
  2. Send your Identity Provider's metadata URL (recommended) or metadata XML file to Online Services specifying the entityID and ask them to link it to your account with SpringerLink

Springer Service Provider Details


  • ACS URL/Reply Url: https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
  • Entity ID/Identifier: https://fsso.springer.com
  • Start URL: https://link.springer.com
  • Sign-on url: https://wayf.springernature.com/?redirect_uri=https://link.springer.com
  • Metadata for SpringerLink https://fsso.springer.com/saml/metadata

WAYFless URLs


To avoid having to use the 'Where Are You From' (WAYF) page it is possible to link directly to articles on the SpringerLink site. If the user is already logged in they will be taken directly to the article, otherwise they will be taken directly to your login page and then onto the article after logging in. These links are created using the following format

https://fsso.springer.com/saml/login?idp=[entityID]&targetUrl=[article link]

  • entityID : The entity ID of your organisation e.g. https://mycompany.com/adfs/services/trust
  • article link : The encoded link to the article, journal or search e.g.
    • Article: https://link.springer.com/article/10.1007/s12288-015-0534-1
    • Journal: https://link.springer.com/journal/10765
    • Search: https://link.springer.com/search?query=graphene
    • Faceted Search: https://link.springer.com/search?query=graphene&facet-content-type="Journal"

Note: The entityID and article link should be encoded otherwise the link may not work. An example WAYFless URL would look like this

https://fsso.springer.com/saml/login?
idp=https%3A%2F%2Fmycompany.com%2Fadfs%2Fservices%2Ftrust
&targetUrl=https%3A%2F%2Flink.springer.com%2Farticle%2F10.1007%2Fs12288-015-0534-1

Attribute Mappings

Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing SpringerLink using federated authentication the organisation using a third party are identified by an attribute sent in the SAML response e.g. the 'eduPersonScopedAffiliation' in the case of most academic institutions. If this is the case for your organisation, you should send the name of the attribute, its value and the entityId of the Identity Provider to Online Services.

Set up SSO using GSuite

Setup of SpringerLink federated access on GSuite can be seen in the video here

Set up SSO using Microsoft Azure Active Directory

The Microsoft document detailing how to setup access to SpringerLink on Azure using a gallery application can be found here:
https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/springerlink-tutorial

If you wish to set it up manually, access the Azure portal (https://portal.azure.com/) then go to: Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery Application

Give it a name like SpringerLink and click Add.

On the newly created application overview page click on Single sign-on then SAML

Edit the Basic SAML Configuration section and use the following values:

  • Identifier (Entity ID) : https://fsso.springer.com
  • Reply URL (Assertion Consumer Service URL) : https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
  • Sign on URL : https://fsso.springer.com/saml/login?idp=[your-entityID]&targetUrl=https://link.springer.com
  • Relay State : https://link.springer.com
your-entityID is the Azure AD Identifier which you will find further down on the setup page (Section 4). The resulting value should look something like:

https://fsso.springer.com/saml/login?idp=https://sts.windows.net/af2d669a-8754-49df-9b01-aa92d453b591/&targetUrl=https://link.springer.com

Set up SSO using Okta

As SpringerLink has a registered Okta app, it is literally just a few clicks to set it up.

For the required steps please follow the Okta documentation

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Springer-Link.html

Glossary

  • Identity Provider (IdP) : Your institutional authentication system
  • Entity ID : a URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata xml file
  • Service Provider (SP) : The SpringerLink service
  • Where Are You From page (WAYF) : Also know as the 'discovery page' it presents the user a list of Identity Providers. It is a page where the user identifies which organisational Identity Provider they belong to. This is the SpringerLink WAYF Page
  • WAYFless URL : A link to a url on the SpringerLink site which allows the user to avoid navigating via the WAYF page

FAQS

How do I know if I am logged in?

If you have successfully authenticated you should see your organisation name and the corresponding Springer 'Business Partner ID' (BPID)) at the bottom of the page