Service Providers need to implement IDP discovery, i.e., allowing subjects to choose the Identity Provider they want to log in with. Ideally that's done by integrating it within their application; see the REFEDS Discovery Guide for details.

ACOnet currently recommends using one of these Free/Libre software projects, which can be integrated with most any software or website:

  • Shibboleth EDS (HTML/JS-only, fully stand-alone, easiest when also using the Shibboleth SP software)
  • SWITCHwayf (PHP server software; its "embedded" integration method via HTML/JS-only still requires a full SWITCHwayf instance elsewhere, though ACOnet provides one such instance)
  • The "Standard" integration method with the SeamlessAccess service (HTML/JS-only integration with an external service not provided by ACOnet)
    • Note that the button from the "Standard" integration method – arguably SeamlessAccess' main achievement – never remembers selected IDPs (and therefore has a worse UX than any of the existing alternatives) when the web browser blocks third-party cookies (as all browsers should to protect their users' privacy from pervasive web surveillance). That's a bit unfortunate since SeamlessAccess only stores your recently used IDP in your web browser's local storage. But it's the attempted access to those locally remembered IDP selections from multiple web sites (i.e., the web sites embedding the SeamlessAccess button/code) that requires cross-site access to your local storage and therefore triggers the browser's privacy protection (if enabled).

Embedded IDP Discovery Demo

See SAML Demo SP, section "IDP Discovery Services" for descriptions of the several methods demonstrated by the Demo SP.

Contact ACOnet for questions with regard to integrating IDP discovery into your Service Provider. 

Fallback discovery services

If all else fails you can make use of one of the central "fallback" discovery interfaces provided by ACOnet.

The SWITCHwayf software may be more familiar to subjects from ACOnet participant institutions since versions of that have been in use at since 2007. This software still works (without its more dynamic features) when JavaScript is disabled in the web browser (though not much else on the web will work in such a setup):

SWITCHwayf with ACOnet-registered IDPs

SWITCHwayf with ACOnet-registered IDPs plus Interfederation IDPs

An alternative external fallback IDP discovery service is the SeamlessAccess one, when used with their "Limited" integration method. (Though you can use their other integration methods, too, of course.)
