Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: note about 3rd-party cookies

Discovery may The DSX Discovery Service is recommended to be used also in embedded fashion because this is generally more user-friendly as the organisation selection is integrated directly into the service's web page. For that this to work, the authentication needs to be triggered from a page that includes javascript that where an included Javascript provides the functionality . Here we provide to show the embedded Discovery Service. On this page examples for Shibboleth SP and SimpleSAMLphp .

Shibboleth SP

are provided.

Panel
bgColor#f8f8f8

The DSX Discovery Service (formerly known as eduTEAMS Discovery Service) allows services to implement an (embedded) Identity Provider discovery.

Currently, the service is in a pilot phase, therefore some aspects of the service still may change.

This section contains functional and technical documentation on how to use the discovery service if you are a administrator of a service.


Note
titleEmbedded DSX requires Third-Party Cookies for a proper User Experience

Note that using the DSX in embedded mode is only more user-friendly if the web browser is set to accept so-called third-party cookies (i.e., HTTP Cookies set and read by sites other than the one they are visiting). With web browsers configured to block third-party cookies – which is already the default behaviour for Firefox and Safari, with Chrome to follow – an embedded DSX will never remember the selected IDP and it will never show a previously selected IDP. Forcing a subject to select their IDP again from scratch, every time they try to log in to a service using the DSX in embedded mode, is in fact very user-friendly.

Shibboleth SP

In this example we first configure the DSX Discovery Service to be used by the default Shibboleth This example relies on having eduTEAMS discovery configured for default login handler.

Code Block
titlefile:/etc/shibboleth/shibboleth2.xml
<SSO
    discoveryProtocol="SAMLDS" 
    discoveryURL="https://discoverydsx.eduteamsedugain.org/wayf.php">
    SAML2 SAML1 
</SSO>

If you To use the discovery in embedded fashion you need to include javascript in  head element on the service as embedded version, include the following Javascript in the head element if the web page triggering the authentication,:

Code Block
titleIncluding javascript
<head>
    <!-- HTML elements -->
    <script type="text/javascript" src="https://discoverydsx.eduteamsedugain.org/ds.js"></script>
    <!-- HTML elements -->
</head>

...

As a result the discovery service is shown in embedded fashionas embedded version directly on the embedding web page.

SimpleSAMLphp

This example relies on having eduTEAMS discovery set as default sp discovery serviceIn this example we first set DSX discovery to be used by default sp configuration.

Code Block
titleauthsources.php
'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://sp.example.com/simplesaml/',
    'idp' => NULL,
    'discoURL' => 'https://discoverydsx.eduteamsedugain.org/wayf.php',
    'privatekey' => 'example.key'
),

If you To use the discovery in embedded fashion you need to include javascript service as embedded version include the following Javascript in  head element on the page triggering the authentication,

Code Block
titleIncluding javascript
<head>
    <!-- HTML elements -->
    <script type="text/javascript" src="https://discoverydsx.eduteamsedugain.org/ds.js"></script>
    <!-- HTML elements -->
</head>

and then display a an element triggering the authentication.

Code Block
titleLogin element
<a href="/simplesaml/module.php/core/authenticate.php" onclick="startOverlay(event)">Log in</a>

...