OpenAthens Keystone
OpenAthens Keystone is a SAML-to-OIDC gateway service used in Statista's SSO implementation.
Technical Specifications
Service Type: Authentication Gateway
Protocol Conversion: SAML 2.0 → OpenID Connect (OIDC)
Provider: OpenAthens
Integration Point: Auth0
Authentication Attributes
Primary Identifier
Attribute Name: eduPersonScopedAffiliation
Format: role@domain.edu
Examples:
- member@university.edu
- student@university.edu
- staff@institution.edu
Usage: The domain portion is extracted for user organization mapping.
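The domain extraction described above, as an added example (not code from platform-sso-services or the Auth0 action): it parses eduPersonScopedAffiliation strictly and fails closed, so a malformed or mixed-scope assertion never reaches the domain lookup. The function names, the restriction to the eduPerson affiliation vocabulary, and the single-scope policy for multi-valued attributes are assumptions.

```javascript
// Added example; function names and policies here are hypothetical.
// Affiliation values defined by the eduPerson vocabulary.
const AFFILIATIONS = new Set([
  "faculty", "student", "staff", "alum", "member",
  "affiliate", "employee", "library-walk-in",
]);

// Conservative hostname check: dot-separated letter/digit/hyphen labels,
// at least two labels, 253 characters at most.
const DOMAIN_RE =
  /^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$/;

// Parse one "role@domain" value; return null on anything unexpected.
function parseScopedAffiliation(value) {
  if (typeof value !== "string") return null;
  const parts = value.trim().toLowerCase().split("@");
  if (parts.length !== 2) return null; // exactly one "@" allowed
  const [role, domain] = parts;
  if (!AFFILIATIONS.has(role)) return null;
  if (!DOMAIN_RE.test(domain)) return null; // blocks "/", "?", "%", spaces
  return { role, domain };
}

// The SAML attribute may carry several values. Assumed policy: every value
// must parse and all must share one scope, otherwise return null.
function extractOrgDomain(attr) {
  const values = Array.isArray(attr) ? attr : [attr];
  const domains = new Set();
  for (const v of values) {
    const parsed = parseScopedAffiliation(v);
    if (!parsed) return null; // fail closed on any malformed value
    domains.add(parsed.domain);
  }
  return domains.size === 1 ? [...domains][0] : null;
}

// Constructed sample values, not taken from a real assertion.
const samples = [
  ["student@University.EDU", "member@university.edu"],
  ["student@university.edu", "staff@institution.edu"],
  "member@university.edu/../admin",
];
for (const s of samples) console.log(JSON.stringify(s), "->", extractOrgDomain(s));
```

Only a non-null result should be passed on as the lookup parameter; a null result is a reason to reject the login rather than fall back to a default organization.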
API Integration
User Lookup Endpoint
Service: platform-sso-services
Endpoint: GET /users/get-by-domain
Parameter: Extracted domain from eduPersonScopedAffiliation
Response: User account information if domain mapping exists
Domain Mapping Files
Repository: platform-sso-services
Location: /data/
Format: JSON
Environments: Development, Stage, Production
Auth0 Configuration
Connection Type: SAML
Post-Login Action: maybe_insert_user_to_legacy_db.js
Repository: auth0-terraform-provider/actions/
Environment URLs
Deeplink URLs
- Local: https://www.statista.test/sso/oa-deeplink?entity=https://idp.statista.com/entity
- Stage: https://stage.statista.com/sso/oa-deeplink?entity=https://idp.statista.com/entity
- Production: https://www.statista.com/sso/oa-deeplink?entity=https://idp.statista.com/entity
User Info URLs
- Local: https://www.statista.test/sso/userinfo
- Stage: https://stage.statista.com/sso/userinfo
- Production: https://www.statista.com/sso/userinfo
Test Credentials
Location: Bitwarden → CPE_Internal collection
Username: stat_test-user
Organization: Statista
Related Documentation
- Architecture & Concepts: See OpenAthens Keystone Architecture
- Testing Guide: See Testing OpenAthens Keystone Login
- Configuration: See Add a New OpenAthens Connection