...
- Build yourself or use available solutions? You can either build your own discovery service or use existing options:
- For instance, some SAML implementations already have a discovery feature built in.
- Use a hosted discovery service. This can be as simple as configuring a URL in your SAML software. Two highly recommended options options that are known to work and free of charge are:
- the eduGAIN discovery service
- The Identity Selector Software (thiss.io)
- Metadata: the metadata (see previous step) contains the necessary information of all eduGAIN Identity Providers and Service Providers (such as the name of the Identity Provider, a logo (optional), the technical endpoints, etc.). If your service is only accessible to certain Identity Providers, you might want to apply some filtering (by white- or blacklisting).
- The discovery page itself: using the (processed) metadata, you can now implement a webpage that shows all Identity Providers to the user which are available for logging in. You are completely free to design and implement a discovery page the way you like it. However, there are some do's and don'ts that are mainly about usability listed on the REFEDS website. Please read those before you start working on the discovery page.
...