Single Sign-On (SSO) access to Springer Link

FAQs

Set up SSO for academic institutions


If you have an entityID and/or an Athens Code, please contact Online Services with those details. When this information has been added, you will find your institution name listed in the appropriate drop-down menu on our Federated Access login page.

If your institution is a member of a country federation, such as those listed on the eduGAIN site, then your Identity Provider (IdP) metadata should automatically be imported into our system. Also, you should automatically have the SpringerLink Service Provider metadata

Set up SSO for companies


If your company has an authentication system which uses the SAML protocol, then you can enable off-site access to SpringerLink. SpringerLink supports all SAML-based federated authentication systems, including:

  • Microsoft Active Directory Federation Services (ADFS)/Azure
  • GSuite
  • Shibboleth
  • OpenAthens
  • Ping Identity
  • Okta
  • OneLogin
  • SailPoint

To set up SSO access to SpringerLink, follow these steps:

  1. Import the 'SpringerLink' metadata into your Identity Provider
  2. Send your Identity Provider's metadata URL (recommended) or metadata XML file to Online Services specifying the entityID and ask them to link it to your account with SpringerLink

Springer Service Provider Details


  • ACS URL/Reply Url: https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
  • Entity ID/Identifier: https://fsso.springer.com
  • Start URL: https://link.springer.com
  • Sign-on url: https://link.springer.com/athens-shibboleth-login?previousUrl=https%3A%2F%2Flink.springer.com%2F
  • Metadata for SpringerLink https://fsso.springer.com/saml/metadata

WAYFless URLs


To avoid having to use the 'Where Are You From' (WAYF) page, it is possible to link directly to articles on the SpringerLink site. If the user is already logged in, they will be taken directly to the article; otherwise, they will be taken directly to your login page and then on to the article after logging in. These links are created using the following format:

https://fsso.springer.com/saml/login?idp=[entityID]&targetUrl=[article link]

  • entityID : The entity ID of your organisation e.g. https://mycompany.com/adfs/services/trust
  • article link : The encoded link to the article, journal or search e.g.
    • Article: https://link.springer.com/article/10.1007/s12288-015-0534-1
    • Journal: https://link.springer.com/journal/10765
    • Search: https://link.springer.com/search?query=graphene
    • Faceted Search: https://link.springer.com/search?query=graphene&facet-content-type="Journal"

Note: The entityID and article link should be URL-encoded (percent-encoded), otherwise the link may not work. An example WAYFless URL would look like this:

https://fsso.springer.com/saml/login?
idp=https%3A%2F%2Fmycompany.com%2Fadfs%2Fservices%2Ftrust
&targetUrl=https%3A%2F%2Flink.springer.com%2Farticle%2F10.1007%2Fs12288-015-0534-1
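The encoding requirement matters most for search links, where an unencoded '&' in the article link is read as a separate parameter of the login URL. The following Python sketch is an added example, not Springer's code: it builds a WAYFless URL in the format above and shows what a standard query-string parser recovers with and without encoding. The restriction of targets to link.springer.com and all function names are assumptions made for the example.

```python
from urllib.parse import quote, urlsplit, parse_qs

LOGIN_ENDPOINT = "https://fsso.springer.com/saml/login"  # format given on this page
ALLOWED_TARGET_HOST = "link.springer.com"  # assumption: only link to SpringerLink content


def build_wayfless_url(entity_id: str, target_url: str) -> str:
    """Return a WAYFless URL with both parameters percent-encoded."""
    parts = urlsplit(target_url)
    if parts.scheme != "https" or parts.hostname != ALLOWED_TARGET_HOST:
        raise ValueError(f"target must be an https://{ALLOWED_TARGET_HOST} link")
    # safe="" also encodes ':', '/', '?', '&', '=' and '"', so nothing inside
    # the target can be mistaken for a parameter of the login URL itself.
    return (f"{LOGIN_ENDPOINT}?idp={quote(entity_id, safe='')}"
            f"&targetUrl={quote(target_url, safe='')}")


def naive_url(entity_id: str, target_url: str) -> str:
    """The failure mode: values pasted into the format without encoding."""
    return f"{LOGIN_ENDPOINT}?idp={entity_id}&targetUrl={target_url}"


def target_seen_by_login(wayfless_url: str) -> str:
    """Decode targetUrl the way a standard query-string parser would."""
    return parse_qs(urlsplit(wayfless_url).query)["targetUrl"][0]


if __name__ == "__main__":
    entity = "https://mycompany.com/adfs/services/trust"  # example value from this page
    faceted = 'https://link.springer.com/search?query=graphene&facet-content-type="Journal"'
    print(build_wayfless_url(entity, faceted))
    # Encoded: the full faceted search survives the round trip.
    print(target_seen_by_login(build_wayfless_url(entity, faceted)))
    # Unencoded: the facet is split off and the target is truncated.
    print(target_seen_by_login(naive_url(entity, faceted)))
```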

Attribute Mappings

Some organisations share an identity provider hosted by a third party such as CSTNet, Rediris, Fédération Education-Recherche and GakuNin. When accessing SpringerLink using federated authentication, organisations using a third-party identity provider are identified by an attribute sent in the SAML response, e.g. the 'eduPersonScopedAffiliation' in the case of most academic institutions. If this is the case for your organisation, you should send the name of the attribute, its value and the entityID of the Identity Provider to Online Services.
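To collect those three details from a test login, the attribute can be read out of a decoded SAML assertion. The following Python sketch is an added example, not part of Springer's documentation: the sample assertion, its issuer and its scoped values are constructed, and the function name is hypothetical. The OID shown is the standard eduPerson identifier for eduPersonScopedAffiliation.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (not captured from a real Identity Provider).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://idp.federation.example/idp/shibboleth</saml:Issuer>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9"
                    FriendlyName="eduPersonScopedAffiliation">
      <saml:AttributeValue>member@university.example</saml:AttributeValue>
      <saml:AttributeValue>staff@university.example</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def mapping_details(xml_text, wanted="eduPersonScopedAffiliation"):
    """Return the IdP entityID plus the name and values of the wanted attribute.

    Reads values only; it does not verify the assertion's signature, so use it
    on a response from your own test login, not as an access-control check.
    """
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    for attr in root.iter(f"{{{NS['saml']}}}Attribute"):
        # IdPs may send the OID in Name and the readable name in FriendlyName.
        if wanted in (attr.get("FriendlyName"), attr.get("Name")):
            values = [v.text.strip()
                      for v in attr.findall("saml:AttributeValue", NS) if v.text]
            # The part after '@' is the scope that distinguishes organisations
            # sharing one Identity Provider.
            scopes = sorted({v.rpartition("@")[2] for v in values if "@" in v})
            return {"idp_entity_id": issuer, "attribute_name": attr.get("Name"),
                    "values": values, "scopes": scopes}
    return None


if __name__ == "__main__":
    print(mapping_details(SAMPLE_ASSERTION))
```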

Set up SSO using GSuite

Setup of SpringerLink federated access on GSuite can be seen in the video here

Set up SSO using Microsoft Active Directory Federation Services (ADFS)

To configure SAML SSO, open the Azure portal (https://portal.azure.com/), then go to: Azure Active Directory -> Enterprise Applications -> New Application -> Non-gallery Application

Use the following values for the configuration:

  • Identifier (Entity ID) : https://fsso.springer.com
  • Reply URL (Assertion Consumer Service URL) : https://fsso.springer.com/federation/Consumer/metaAlias/SpringerServiceProvider
  • Sign on URL : https://fsso.springer.com/saml/login?idp=[entityID]&targetUrl=https://link.springer.com
  • Relay State : https://link.springer.com

entityID is the 'Azure AD Identifier', which you will find on the 'SAML-based sign-on' setup page (Section 4). The resulting value should look something like:

https://fsso.springer.com/saml/login?idp=https://sts.windows.net/af2d669a-8754-49df-9b01-aa92d453b591/&targetUrl=https://link.springer.com

The Microsoft document detailing how to set up access to SpringerLink can be found here: https://docs.microsoft.com/en-gb/azure/active-directory/saas-apps/springerlink-tutorial

Set up SSO using Okta

As SpringerLink has a registered Okta app, it takes just a few clicks to set it up.

For the required steps, please follow the Okta documentation:

https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Springer-Link.html

Glossary

  • Identity Provider (IdP) : Your institutional authentication system
  • Entity ID : A URL (or URN) that uniquely identifies your SAML identity provider. It can be found in your SAML metadata XML file
  • Service Provider (SP) : The SpringerLink service
  • Where Are You From page (WAYF) : Also known as the 'discovery page', it presents the user with a list of Identity Providers. It is a page where the user identifies which organisational Identity Provider they belong to. This is the SpringerLink WAYF Page
  • WAYFless URL : A link to a URL on the SpringerLink site which allows the user to avoid navigating via the WAYF page

FAQs

How do I know if I am logged in?

If you have successfully authenticated, you should see your organisation name and the corresponding Springer 'Business Partner ID' (BPID) at the bottom of the page.


What if I get an 'Access Denied' page?

If you get an 'Access Denied' page, it means that you have been successfully authenticated, but your authentication credentials have not been matched to a Springer Business Partner ID. This usually means that your credentials, such as entityID, Athens Code or attribute mapping, may be incorrect or missing. In this case, contact Online Services to verify that everything is correct.