Comment: Changed name and links

By default, the eduTEAMS DSX Discovery Service lists all eduGAIN IdPs for the user to select from, which is a list of several thousand IdPs. Showing all IdPs is often not desirable. The eduTEAMS DSX Discovery Service lets you filter out IdPs so that only the relevant ones are shown in the list. This allows an SP admin to create a list (or several lists) specifically targeting the user base of their SP. If for nothing else, the filtering should be used to hide IdPs not meant to be shown to 'normal' end users, i.e. IdPs having the entity category http://refeds.org/category/hide-from-discovery.

Creating the filter using the

...

DSX DS Filter Generator

The filter is generated using eduTEAMS DS DSX Filter Generator.

eduTEAMS Filter Generator:

https://discoverydsx.eduteamsedugain.org/filter

The filter generator can create two types of filters: you may filter entities based on their SAML entity categories or based on IdP entityID values.

...

Example: Show all IdPs except those marked as hidden, Deny list of categories

This example shows how to list all IdPs not tagged as hidden. This is the main use case for setting up a list of all eduGAIN IdPs.

Navigate to the filter generator at https://discoverydsx.eduteamsedugain.org/filter

Click open the 'select entity categories' accordion. You should now see all the possible entity categories to choose from in a grey box.

Move http://refeds.org/category/hide-from-discovery to the red box.


At the bottom of the page you should see the resulting filter and its plaintext version.

Outcome:

Show all IdPs not belonging to category http://refeds.org/category/hide-from-discovery


...

Example: Research and Scholarship, Allow list of entity categories

This example shows how to list only IdPs tagged with the Research and Scholarship entity category.

Navigate to the filter generator at https://discoverydsx.eduteamsedugain.org/filter

Click open the 'select entity categories' accordion. You should now see all the possible entity categories to choose from in a grey box.

Move http://refeds.org/category/research-and-scholarship to the green box. Also move http://id.incommon.org/category/research-and-scholarship.

At the bottom of the page you should see the resulting filter and its plaintext version.


Outcome:

Show only IdPs having at least one of the categories http://refeds.org/category/research-and-scholarship and http://id.incommon.org/category/research-and-scholarship.


...

Example: Allow list of IdPs

This example shows how to list a specific set of IdPs.

Navigate to the filter generator at https://discoverydsx.eduteamsedugain.org/filter.

Click open the 'select individual IdPs' accordion. You should now see all the possible IdPs to select from.

Make sure that the radio button 'Selected IdPs will be visible' is checked. Select the entities you want the user to pick the IdP from.

At the bottom of the page you should see the resulting filter and its plaintext version. Note that picking individual IdPs easily produces a large filter, which you then need to set by reference.

Outcome:

Show only IdPs https://idp.aalto.fi/idp/shibboleth, https://birk.wayf.dk/birk.php/wayf.au.dk and https://shibboleth.aber.ac.uk/shibboleth-TST.



...

Example: Select entities by category and then some

This example shows how to list all IdPs tagged with the Research and Scholarship entity category plus a specific set of IdPs.

Navigate to the filter generator at https://discoverydsx.eduteamsedugain.org/filter.

Click open the 'select entity categories' accordion. You should now see all the possible entity categories to choose from in a grey box.

Move http://refeds.org/category/research-and-scholarship to the green box. Also move http://id.incommon.org/category/research-and-scholarship.

Click open the 'select individual IdPs' accordion. You should now see all the possible IdPs to select from.

Make sure that the radio button 'Selected IdPs will be visible' is checked. Select the "Aalto" entity (which did not belong to the mentioned categories at the time of writing).

At the bottom of the page you should see the resulting filter and its plaintext version.

Outcome:

Show https://idp.aalto.fi/idp/shibboleth and any IdP having at least one of the categories http://refeds.org/category/research-and-scholarship and http://id.incommon.org/category/research-and-scholarship.


...

Filter by value - filter

https://discoverydsx.eduteamsedugain.org/wayf.php?filter=eyJhbGxvd0hvc3RlbCI6dHJ1ZSwiYWxsb3dIb3N0ZWxSZWciOnRydWV9Cg==
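
The filter value in the URL above is Base64-encoded JSON, so a configured filter can be reviewed without going back to the generator. The following Python is an added example, not part of the original page or of the discovery service's code: it reads discoveryURL from an SSO element as used in the Shibboleth SP example on this page and decodes the filter; the function names are hypothetical.

```python
import base64
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

# The <SSO> element from the Shibboleth SP example on this page.
SAMPLE_SSO = """<SSO
    discoveryProtocol="SAMLDS"
    discoveryURL="https://discoverydsx.eduteamsedugain.org/wayf.php?filter=eyJhbGxvd0hvc3RlbCI6dHJ1ZSwiYWxsb3dIb3N0ZWxSZWciOnRydWV9Cg==">
    SAML2 SAML1
</SSO>"""


def inspect_discovery_url(url):
    """Decode the filter parameters carried by a discovery URL.

    Returns {"filter": <decoded JSON object or None>,
             "efilter": <referenced location or None>}.
    Raises ValueError if a filter value is not Base64-encoded JSON.
    """
    query = parse_qs(urlsplit(url).query)
    result = {"filter": None, "efilter": query.get("efilter", [None])[0]}
    if "filter" in query:
        # parse_qs maps '+' to ' '; undo that, since '+' is a Base64 character.
        raw = query["filter"][0].replace(" ", "+")
        # binascii.Error, UnicodeDecodeError and JSONDecodeError are all ValueError.
        decoded = json.loads(base64.b64decode(raw, validate=True).decode("utf-8"))
        if not isinstance(decoded, dict):
            raise ValueError("filter does not decode to a JSON object")
        result["filter"] = decoded
    return result


def discovery_urls(xml_text):
    """Yield the discoveryURL of every SSO element, with or without an XML namespace."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] == "SSO" and "discoveryURL" in elem.attrib:
            yield elem.attrib["discoveryURL"]


if __name__ == "__main__":
    for url in discovery_urls(SAMPLE_SSO):
        print(inspect_discovery_url(url))
```

For a filter set by reference, the function returns only the efilter location; the filter content then lives at that location and has to be reviewed there.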

...

Example: Shibboleth SP

/etc/shibboleth/shibboleth2.xml:
<SSO
    discoveryProtocol="SAMLDS"
    discoveryURL="https://discoverydsx.eduteamsedugain.org/wayf.php?filter=eyJhbGxvd0hvc3RlbCI6dHJ1ZSwiYWxsb3dIb3N0ZWxSZWciOnRydWV9Cg==">
    SAML2 SAML1
</SSO>


...

Example: SimpleSAMLphp

authsources.php:
'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://sp.example.com/simplesaml/',
    'idp' => NULL,
    'discoURL' => 'https://discoverydsx.eduteamsedugain.org/wayf.php?filter=eyJhbGxvd0hvc3RlbCI6dHJ1ZSwiYWxsb3dIb3N0ZWxSZWciOnRydWV9Cg==',
    'privatekey' => 'example.key'
),


Filter by reference - efilter

https://discoverydsx.eduteamsedugain.org/wayf.php?efilter=www.example.com/filter

...

Example: Shibboleth SP

/etc/shibboleth/shibboleth2.xml:
<SSO
    discoveryProtocol="SAMLDS"
    discoveryURL="https://discoverydsx.eduteamsedugain.org/wayf.php?efilter=www.example.com/filter">
    SAML2 SAML1
</SSO>


...

Example: SimpleSAMLphp

authsources.php:
'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://sp.example.com/simplesaml/',
    'idp' => NULL,
    'discoURL' => 'https://discoverydsx.eduteamsedugain.org/wayf.php?efilter=www.example.com/filter',
    'privatekey' => 'example.key'
),


...