SAML2 based federations consist of services represented by Service Providers (SP) and Home Organizations represented by Identity Providers (IdP). Services rely on Home Organizations to identify the users and for that to happen, the services usually need to be able to direct the user to correct Home Organization. The number of Home Organizations is - particularly in eduGAIN - so vast that users potentially have to select their Home Organization from a long list of organizations which can access a particular service. Showing this (long) list of Home Organizations requires the services to implement a so-called Identity Provider Discovery Service. Instead of operating a Discovery Service itself, an alternative solution is to a service operator can rely on a Central central Discovery Service, which is operated by a third party. A centrally maintained Discovery Service offers users a list of Home Organizations to pick from.
Benefits of the eduTEAMS Discovery Service
- Modern SAML2-compliant Discovery Service implementation
- Hosted in a high availability infrastructure of 3 or more nodes
- Very simple to integrate into a SP web page thanks to embedded Discovery Service Javascript
- Very non-intrusive
- Support for many languages
- Allows custom-tailoring list of IdPs based on SAML entity categories or with black/white listing individual IdPs.
Target Users
The eduTEAMS Discovery Service is a centrally maintained Discovery Service intended to be used by eduTEAMS services . However, there are no technical restrictions to expand the client base nor any intention to prevent non-eduTEAMS services from using itin particular, and all eduGAIN services in general as its usage is not restricted.
Origins
The eduTEAMS Discovery Service is based on a the CESNET Discovery Service that implementation, which has been operational since 2012. CESNET also operates the service for eduTEAMS on behalf of GÉANT.