Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

By default eduTEAMS Discovery Service lists all eduGAIN IdPs for user to select from. This is not always desirable and therefore eduTEAMS Discovery Service offers possiblity possibility to filter IdPs from the list. This allows SP admin to craft a list (or several lists) specifically targeting the user base of the SP.


Creating the filter - eduTEAMS Filter Generator

The filter is generated using eduTEAMS Filter Generator.

Info
iconfalse
titleeduTEAMS Filter Generator

https://discovery.eduteams.org/filter.php

The filter is generated using eduTEAMS Filter Generator. The filter consists of two filtering types.

...

  • If allow list is defined, all IdPs not on it are filtered out.
  • If deny list is defined, all IdPs on it are filtered out.


Info
iconfalse
titleMerging two filter types

When both entity categories and idp list filters are used together, the list shown comprises of IdPs not filtered out by categories filter with possible additions of IdP allow list or possible deductions of IdP deny list.

The assumption is that SP creates the base of the rules using categories filtering and then possible exceptions to those rules by Allow/Deny lists of IdPs.

Applying the filter in discovery request

The filter produced generated with the tool is set as query string parameter to eduTeams Discovery Service URL for the discovery request.  It can be set either by value or by reference.

...