Creating the filter using the DSX DS Filter Generator
The filter is generated a base64 encoded JSON object that defines the rules for including or excluding IdPs. The easiest way to generate this is by using DSX Filter Generator.
The filter generator can create two types of filters, you may filter entities based on their SAML entity categories or based on IdP entityID values (or both).
Allow and Deny lists of Entity Categories
where contents of www.example.com/filter would be a plain text document containing the filter, for example:
More complex filters
The filter language supports scenarios that are not currently covered by the filter generator, but that can be manually constructed. Similarly, it is possible to programmatically generate your own filters by referencing a script hosted at the
efilter location. In both cases, you create a filter by generating an appropriate JSON object and then base64 encoding it.
A good starting point is to get the filter as close as possible to your needs using the filter generator at https://dsx.edugain.org/filter (e.g. honouring hide-from-discovery). You can then take the resulting JSON object show as the "Human readable form of filter" and further customise it further to your needs.
It is possible to filter IdPs by their registration authority (the federation that they come from). This may be useful when you want to list only the IdPs from a specific subset of eduGAIN that are not already identified by an entity category (for instance, only from certain countries).
The registration authority is usually specified as a URL identifying the federation operator. You can determine the correct one either from the federation's entry on the eduGAIN technical site or by examining metadata for the
For instance, the South African Identity Federation uses a registration authority of
which would then be base64 encoded to produce a filter: