Versions Compared

Old Version 13

changes.mady.by.user Peter Brand

Saved on

compared with

New Version 14

changes.mady.by.user Peter Brand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fix more confluence formatting errors

ACOnet provides a federated eduID.at Demo Service Provider to its community, with the entityID https://test-sp.aco.net/shibboleth
This consists of a simple WSGI application making use of data provided by the current Shibboleth Service Provider software.

Info
iconfalse

ACOnet recommends all institutions having deployed a SAML Identity Provider to also deploy at least one SAML Service Provider for more flexible testing and debugging, configuration verification, understanding of the technology & application integration patterns, as well as end-to-end monitoring of their IDP service. The eduID.at Demo Service Provider is no real substitute for running a SAML Service Provider yourself.

Accessing session data

To access data about your session you need to first log in (see below for ways of doing that) and select the desired rendering style from the "Demo SP" dropdown menu in the navigation bar on top of the page.

In addition to "echoing" back attributes recieved via SAML (to allow testing of a SAML IDP's attribute release confguration) the Demo SP also shows the (decoded, decrypted and reformatted) XML of the SAML assertion itself, as well as giving access to the web server's environment variables.

The Demo SP also makes use of the Shibboleth SP's feature to extract information from SAML metadata about the used SAML IDP, which is useful e.g. to provide detailed information to users on error pages etc. Use of similar methods in your own applications is highly recommended.

Demo IDP Discovery Services

...

  • Clicking on "Login" in the upper right corner will bring up the embedded DiscoJuice DS, which follows the REFEDS Discovery Guide to some degree
  • In the middle of the start page you'll find the Shibboleth Embedded Discovery Service, which loads directly in the website.
  • Clicking on any protected "deep links" without a valid Session at that SAML SP (e.g. /attributes) the Shibboleth SP software will trigger session initiation using the provided fallback discovery service (as in that case the webserver will enforce protection and hence no JavaScript user interfaces can be used by the application to offer an "embedded" Discovery Service).

...