ACOnet provides a federated eduID.at Demo Service Provider to its community, with the entityID
This consists of a simple WSGI application making use of data provided by the current Shibboleth Service Provider software.
Accessing session data
To access data about your session you need to first log in (see below for ways of doing that) and select the desired rendering style from the "Demo SP" dropdown menu in the navigation bar on top of the page.
In addition to "echoing" back attributes recieved via SAML (to allow testing of a SAML IDP's attribute release confguration) the Demo SP also shows the (decoded, decrypted and reformatted) XML of the SAML Assertion itself, as well as giving access to the web server's environment variables.
The Demo SP also makes use of the Shibboleth SP's feature to extract information from SAML metadata about the used SAML IDP, which is useful e.g. to provide detailed information to users on error pages etc. Use of similar methods in your own applications is highly recommended.
Demo IDP Discovery Services
The eduID.at Demo Service Provider also showcases 3 different SAML IDP Discovery Services:
- Clicking on "Login" in the upper right corner will redirect the browser to the SeamlessAccess DS, which uses thiss software.
- In the middle of the start page you'll find the Shibboleth Embedded Discovery Service, which loads directly in the website.
- Clicking on any protected "deep links" without a valid Session at that SAML SP (e.g.
All three DS instances support typeahead searches and most of them also chosing from lists of Identity Providers.
Ending your Session
The Demo SP currently provides two ways of terminating your Shibboleth SP session, for demonstration purposes and to help with easily getting back to an unauthenticated state at this SP, to start testing IDP discovery and SSO again.
- Chosing Logout in the upper right corner (where you can "Login", when you don't yet have an active session) will initiate "local" logout. This will only affect the Demo SP's own session and will not send a SAML logout request to your IDP. As such logging in again to this Demo SP right away you will experience SSO at your IDP and will not be prompted for authentication again. This is useful for repeated login/logout sequences during testing.
- Selecting the "Demo SP" dropdown menu and chosing "SAML Logout" will send a SAML Logout Request to your SAML IDP if your IDP supports some form of SAML SLO. Most IDPs do not because Logout is basically broken, in which case the Shibboleth SP will silently perform a "local" logout, not affecting your SAML IDP (or any other SAML SP) sessions!
That means unless your SAML IDP supports some form of SAML SLO both logout links will only clear the local SP session, nothing else.
Questions about this service are always welcome on the eduID.at community mailing ilst.
See eduID.at Demo Service Datenverarbeitung (in German language).