Comment: note about 3rd-party cookies

It is recommended to use the eduTEAMS DSX Discovery Service in embedded fashion, because this is generally more user-friendly: the organisation selection is integrated directly into the service's web page. For this to work, authentication must be triggered from a page that includes the JavaScript which shows the embedded Discovery Service. This page provides examples for Shibboleth SP and SimpleSAMLphp.

The DSX Discovery Service (formerly known as eduTEAMS Discovery Service) allows services to implement an (embedded) Identity Provider discovery.

Currently, the service is in a pilot phase, so some aspects of the service may still change.

This section contains functional and technical documentation on how to use the discovery service if you are an administrator of a service.


Note: Embedded DSX requires Third-Party Cookies for a proper User Experience

Note that using the DSX in embedded mode is only more user-friendly if the web browser is set to accept so-called third-party cookies (i.e., HTTP cookies set and read by sites other than the one the user is visiting). With web browsers configured to block third-party cookies – which is already the default behaviour for Firefox and Safari, with Chrome to follow – an embedded DSX will never remember the selected IDP and will never show a previously selected IDP. Forcing a subject to select their IDP again from scratch, every time they try to log in to a service using the DSX in embedded mode, is in fact not very user-friendly.

Shibboleth SP

In this example we first configure the eduTEAMS DSX Discovery Service to be used by the default Shibboleth login handler.

File: /etc/shibboleth/shibboleth2.xml
<SSO
    discoveryProtocol="SAMLDS" 
    discoveryURL="https://discoverydsx.eduteamsedugain.org/wayf.php">
    SAML2 SAML1 
</SSO>

...

Including JavaScript:
<head>
    <!-- HTML elements -->
    <script type="text/javascript" src="https://discoverydsx.eduteamsedugain.org/ds.js"></script>
    <!-- HTML elements -->
</head>

...

In this example we first configure the eduTEAMS DSX Discovery Service to be used by the default SP configuration.

File: authsources.php
'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://sp.example.com/simplesaml/',
    'idp' => NULL,
    'discoURL' => 'https://discoverydsx.eduteamsedugain.org/wayf.php',
    'privatekey' => 'example.key'
),

...

Including JavaScript:
<head>
    <!-- HTML elements -->
    <script type="text/javascript" src="https://discoverydsx.eduteamsedugain.org/ds.js"></script>
    <!-- HTML elements -->
</head>

...

Login element:
<a href="/simplesaml/module.php/core/authenticate.php" onclick="startOverlay(event)">Log in</a>

...
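
The embedded setup has three parts that must agree: the discoveryURL in the SP configuration, the script included in the page head, and the login link that calls startOverlay. The following check is an added example, not part of the original page or of the DSX project; the host ds.example.org, the /login path and the function names are constructed placeholders, and the rules it applies (HTTPS everywhere, script served from the discoveryURL host) are assumptions about what a consistent Shibboleth SP setup looks like.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample inputs; ds.example.org and /login are placeholders.
SHIB_XML = '''<Sessions><SSO discoveryProtocol="SAMLDS"
    discoveryURL="https://ds.example.org/wayf.php">SAML2 SAML1</SSO></Sessions>'''
PAGE_HTML = '''<head>
<script type="text/javascript" src="https://ds.example.org/ds.js"></script>
</head><body><a href="/login" onclick="startOverlay(event)">Log in</a></body>'''

class _Collector(HTMLParser):
    """Collects <script src> URLs and the onclick handlers of <a> elements."""
    def __init__(self):
        super().__init__()
        self.scripts, self.onclicks = [], []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append(a["src"])
        elif tag == "a" and a.get("onclick"):
            self.onclicks.append(a["onclick"])

def sso_settings(shib_xml):
    """Return (discoveryProtocol, discoveryURL) of the first <SSO> element."""
    for el in ET.fromstring(shib_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "SSO":  # match regardless of namespace
            return el.get("discoveryProtocol"), el.get("discoveryURL")
    return None, None

def check_embedding(shib_xml, page_html):
    """Return a list of findings; an empty list means the parts agree."""
    findings = []
    proto, url = sso_settings(shib_xml)
    ds = urlsplit(url or "")
    if proto != "SAMLDS":
        findings.append("discoveryProtocol is not SAMLDS")
    if ds.scheme != "https" or not ds.hostname:
        findings.append("discoveryURL is not an absolute https URL")
    page = _Collector()
    page.feed(page_html)
    from_ds = [s for s in map(urlsplit, page.scripts)
               if ds.hostname and s.hostname == ds.hostname]
    if not from_ds:
        findings.append("no script loaded from the discoveryURL host")
    if any(s.scheme != "https" for s in from_ds):
        findings.append("discovery script not loaded over https")
    if not any("startOverlay" in h for h in page.onclicks):
        findings.append("no login link calls startOverlay")
    return findings
```

An empty result means the login page would use the overlay; any finding means users either fall back to the redirect-based discovery page or load the overlay script from an unexpected or unencrypted origin.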