...

  1. Build yourself or use available solutions? You can either build your own discovery service or use existing options:
    1. For instance, some SAML implementations already have a discovery feature built in (see below for some examples).
    2. Use a hosted discovery service. This can be as simple as configuring a URL in your SAML software. An option that is known to work and is free of charge is:
      1. The Identity Selector Software (thiss.io), also known as seamlessaccess.org.
  2. Metadata: the metadata (see previous step) contains the necessary information of all eduGAIN Identity Providers and Service Providers (such as the name of the Identity Provider, a logo (optional), the technical endpoints, etc.). If your service is only accessible to certain Identity Providers, you might want to apply some filtering (by allow- or blocklisting).
  3. The discovery page itself: using the (processed) metadata, you can now implement a webpage that shows the user all Identity Providers that are available for logging in. You are completely free to design and implement a discovery page the way you like it. However, the REFEDS website lists some do's and don'ts, mainly about usability. Please read those before you start working on the discovery page.
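
The filtering in step 2 and the list that feeds the page in step 3 can look like the following. This is an added example, not code from this wiki or from any SAML product. The function name `discovery_entries` and the sample entity IDs are constructed for illustration, and it assumes the metadata signature was already verified in the previous step.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}

# Constructed sample aggregate (not real eduGAIN metadata): two IdPs, one SP.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://idp.uni-a.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">University A</mdui:DisplayName>
      </mdui:UIInfo></md:Extensions>
      <md:SingleSignOnService Location="https://idp.uni-a.example/sso"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.uni-b.example/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:SingleSignOnService Location="https://idp.uni-b.example/sso"
          Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.service.example/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def discovery_entries(metadata_xml, allow=None, block=frozenset()):
    """Return the IdPs to offer on the discovery page, sorted by name.

    allow=None offers every IdP that is not in block; an allow set
    restricts the list to exactly those entityIDs (block still wins).
    """
    root = ET.fromstring(metadata_xml)
    entries = []
    for ent in root.iter("{%s}EntityDescriptor" % NS["md"]):
        idp = ent.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # Service Providers never belong on the discovery page
        eid = ent.get("entityID")
        if eid in block or (allow is not None and eid not in allow):
            continue
        # Fall back to the entityID when the IdP publishes no display name.
        name = idp.findtext("md:Extensions/mdui:UIInfo/mdui:DisplayName",
                            default=eid, namespaces=NS).strip()
        sso = [s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)]
        entries.append({"entity_id": eid, "name": name, "sso": sso})
    return sorted(entries, key=lambda e: e["name"].lower())
```

Display names come from metadata published by other organisations, so HTML-escape `name` when rendering the page.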

...

2. If an EntityID-attribute is specified in the <SSO>-element of the shibboleth2.xml file, remove this attribute from the <SSO>-element.

3. Look at the IdPDiscovery-page on the Shibboleth Wiki for further information regarding the discovery page.

...

It should not normally be necessary to implement something from scratch.

...