...

The protocol is described in Identity Provider Discovery Service Protocol and Profile.

Shibboleth SP

Discovery Service configuration is part of session initiator configuration. Shibboleth SP documentation on the subject is what you should rely on for more thorough information. The examples presented here might not directly apply to your existing configuration.

Set discovery for login handler

For how to apply the Discovery Service URL in your product, consult the documentation of the product itself; in most cases that is the Shibboleth SP documentation or the SimpleSAMLphp documentation.

Embedded discovery - Shibboleth SP

This example instructs the Shibboleth SP default login handler to use eduTEAMS discovery as its discovery service.

file: /etc/shibboleth/shibboleth2.xml
<SSO
    discoveryProtocol="SAMLDS" 
    discoveryURL="https://discovery.eduteams.org/wayf.php">
    SAML2 SAML1 
</SSO>
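
What the `discoveryProtocol="SAMLDS"` and `discoveryURL` settings above mean on the wire, as an added Python sketch of the SP side of the discovery protocol (it is not code from this page, Shibboleth or eduTEAMS). The SP entityID, the return endpoint with its `SAMLDS=1` marker, and the trusted IdP set are assumptions constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

DISCOVERY_URL = "https://discovery.eduteams.org/wayf.php"  # discoveryURL from the config above
SP_ENTITY_ID = "https://sp.example.com/shibboleth"         # assumed SP entityID
RETURN_URL = "https://sp.example.com/Shibboleth.sso/Login?SAMLDS=1"  # assumed return endpoint
# Constructed sample: entityIDs of the IdPs present in the SP's trusted metadata.
TRUSTED_IDPS = {"https://idp.example.org/idp/shibboleth"}


def build_discovery_request(target: str) -> str:
    """URL the SP redirects the browser to when no IdP has been chosen yet."""
    params = {
        "entityID": SP_ENTITY_ID,  # identifies the requesting SP to the discovery service
        "return": f"{RETURN_URL}&{urlencode({'target': target})}",
        "returnIDParam": "entityID",  # protocol default, sent explicitly here
    }
    return f"{DISCOVERY_URL}?{urlencode(params)}"


def handle_discovery_response(url: str) -> str:
    """Return the selected IdP entityID, or raise ValueError if it must be rejected."""
    parts, expected = urlsplit(url), urlsplit(RETURN_URL)
    if (parts.scheme, parts.netloc, parts.path) != (
        expected.scheme, expected.netloc, expected.path
    ):
        raise ValueError("response not delivered to the SP's discovery return endpoint")
    chosen = parse_qs(parts.query).get("entityID", [])
    if len(chosen) != 1:
        raise ValueError("missing or repeated entityID parameter")
    if chosen[0] not in TRUSTED_IDPS:
        # The query string is browser-controlled: only start SSO toward an IdP
        # that the SP already trusts through its metadata.
        raise ValueError("selected IdP is not in trusted metadata")
    return chosen[0]


if __name__ == "__main__":
    print(build_discovery_request("https://sp.example.com/secure"))
```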

Embedded discovery

If you use the discovery in embedded fashion, you need to include JavaScript in the head element of the page that triggers the authentication,

Including JavaScript
<head>
    <!-- HTML elements -->
    <script type="text/javascript" src="https://discovery.eduteams.org/ds.js"></script>
    <!-- HTML elements -->
</head>

and then display the element that triggers the authentication as defined in the default handler.

Login element
<a href="/Shibboleth.sso/Login" onclick="startOverlay(event)">Log in</a>

SimpleSAMLphp

Please read SimpleSAMLphp documentation for more thorough information if needed.

Set discovery configuration

As a result the discovery is shown in embedded fashion.

Embedded discovery - SimpleSAMLphp

This example relies on having eduTEAMS discovery set as the default SP discovery service. For SimpleSAMLphp, WAYF configuration is set in the authsources.php configuration file.

authsources.php
'default-sp' => array(
    'saml:SP',
    'entityID' => 'https://sp.example.com/simplesaml/',
    'idp' => NULL,
    'discoURL' => 'https://ds.eduid.cz/wayf.php',
    'privatekey' => 'example.key'
),

Embedded discovery

If you use the discovery in embedded fashion, you need to include JavaScript in the head element of the page that triggers the authentication,

Including JavaScript
<head>
    <!-- HTML elements -->
    <script type="text/javascript" src="https://discovery.eduteams.org/ds.js"></script>
    <!-- HTML elements -->
</head>

...

Login element
<a href="/simplesaml/module.php/core/authenticate.php" onclick="startOverlay(event)">Log in</a>