...
- Build yourself or use available solutions? You can either build your own discovery service or use existing options:
  - For instance, some SAML implementations already have a discovery feature built in.
  - Use a hosted discovery service. This can be as simple as configuring a URL in your SAML software. Two highly recommended options are:
    - The eduGAIN discovery service
    - The Identity Selector Software (thiss.io)
- Metadata: the metadata (see previous step) contains the necessary information about all eduGAIN Identity Providers and Service Providers, such as the name of the Identity Provider, an optional logo and the technical endpoints. If your service is only accessible to certain Identity Providers, you might want to filter the metadata (by white- or blacklisting).
- The discovery page itself: using the (processed) metadata, you can now implement a webpage that shows the user all Identity Providers that are available for logging in. You are completely free to design and implement the discovery page the way you like. However, the REFEDS website lists some do's and don'ts, mainly about usability. Please read those before you start working on the discovery page.
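The metadata filtering and the list that feeds the discovery page, as an added example (not code from this wiki, pyFF or any SAML product): it reads a SAML metadata aggregate, keeps only Identity Providers, applies an allow/deny list on entityID and extracts name, optional logo and SSO endpoints. The function name `discovery_entries`, its parameters and the sample aggregate are constructed for illustration, and the aggregate's signature is assumed to have been verified in the metadata step.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample aggregate (example.org hosts, not real eduGAIN data).
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:mdui="{NS['mdui']}">
 <md:EntityDescriptor entityID="https://idp.uni-a.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:Extensions><mdui:UIInfo>
    <mdui:DisplayName xml:lang="en">University A</mdui:DisplayName>
    <mdui:Logo height="16" width="16">https://idp.uni-a.example.org/logo.png</mdui:Logo>
   </mdui:UIInfo></md:Extensions>
   <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.uni-a.example.org/sso"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://idp.uni-b.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.uni-b.example.org/sso"/>
  </md:IDPSSODescriptor>
 </md:EntityDescriptor>
 <md:EntityDescriptor entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
 </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def discovery_entries(xml_text, allow=None, deny=(), lang="en"):
    """IdPs to show on the discovery page, filtered by entityID allow/deny lists."""
    # Assumes the aggregate's signature was verified when it was downloaded.
    entries = []
    for ent in ET.fromstring(xml_text).iter("{%s}EntityDescriptor" % NS["md"]):
        entity_id, idp = ent.get("entityID"), ent.find("md:IDPSSODescriptor", NS)
        if idp is None or not entity_id:
            continue  # Service Providers are never listed
        if entity_id in deny or (allow is not None and entity_id not in allow):
            continue
        ui = idp.find("md:Extensions/mdui:UIInfo", NS)
        names = ui.findall("mdui:DisplayName", NS) if ui is not None else []
        name = next((n.text for n in names if n.get(XML_LANG) == lang), None)
        logo = ui.findtext("mdui:Logo", None, NS) if ui is not None else None
        entries.append({
            "entityID": entity_id,
            "name": (name or entity_id).strip(),  # fall back when no mdui name
            "logo": logo.strip() if logo else None,  # optional in metadata
            "sso": [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)],
        })
    return sorted(entries, key=lambda e: e["name"].lower())
```

Display names and logo URLs come from third-party metadata, so HTML-escape them when rendering the page. Passing `allow=set()` lists nothing, while `allow=None` means no allow list is applied.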
...
If the Service Provider software you use does not provide a built-in discovery page, please refer to one of the following other options:
- eduTEAMS Discovery Service, https://wiki.geant.org/display/ED/Discovery+Service. Developed by GÉANT (who are also responsible for eduGAIN), this service allows you to easily integrate a user-friendly Discovery Page into your service.
- The two hosted options described above.
- pyFF, a Python application that aggregates metadata and automatically generates a discovery page: https://github.com/leifj/pyFF/. (If you use SimpleSAMLphp, you can follow this tutorial: Discovery page with pyFF + SimpleSAMLphp)
- Shibboleth DS, https://wiki.shibboleth.net/confluence/display/SHIB2/DSInstall
...