
Service Providers need to implement IDP discovery, i.e., allow subjects to choose the Identity Provider they want to log in with. Ideally this is done by integrating discovery into the application itself; see the REFEDS Discovery Guide for details.

ACOnet currently recommends using one of these Free/Libre software projects, which can be integrated with almost any software or website:

  • Shibboleth EDS (HTML/JS-only, fully stand-alone, easiest when also using the Shibboleth SP software)
  • SWITCHwayf (PHP server software; its "embedded" integration method via HTML/JS-only still requires a full SWITCHwayf instance elsewhere, though ACOnet provides one such instance)
  • The "Standard" integration method with the SeamlessAccess service (HTML/JS-only integration with an external service not provided by ACOnet)
    • Note that the button from the "Standard" integration method – arguably SeamlessAccess' main achievement – never remembers selected IDPs when the web browser blocks third-party cookies, and therefore has a worse UX than any of the existing alternatives. That's unfortunate, since SeamlessAccess doesn't do anything nefarious with its cross-site access: it merely helps your web browser locally remember previously selected IDPs across all the services you may be using. But a browser cannot base its blocking decision on what blocked code would have done had it been allowed to run, so SeamlessAccess becomes a victim of (otherwise sensible and recommendable) privacy protection measures.

Embedded IDP Discovery Demo

See SAML Demo SP, section "IDP Discovery Services" for descriptions of the several methods demonstrated by the eduID.at Demo SP.

Contact ACOnet with questions about integrating IDP discovery into your eduID.at Service Provider.

Fallback discovery services

If all else fails, you can make use of one of the central "fallback" discovery interfaces provided by ACOnet.

The SWITCHwayf software may be more familiar to subjects from ACOnet participant institutions, since versions of it have been in use since 2007. This software still works (without its more dynamic features) when JavaScript is disabled in the web browser (though not much else on the web will work in such a setup):

SWITCHwayf with ACOnet-registered IDPs

SWITCHwayf with ACOnet-registered IDPs plus Interfederation IDPs

An alternative external fallback IDP discovery service is the SeamlessAccess one, when used with their "Limited" integration method. (Though you can use their other integration methods, too, of course.)
