Versionen im Vergleich

Alte Version 13

changes.mady.by.user Peter Brand

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user Peter Brand

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Kommentar: Add SA button

ACOnet provides a federated eduID.at Demo Service Provider to its community, with the entityID https://test-sp.aco.net/shibboleth
This consists of a simple WSGI application making use of data provided by the current Shibboleth Service Provider software.

Info
iconfalse

ACOnet recommends all institutions having deployed a SAML Identity Provider to also deploy at least one SAML Service Provider for more flexible testing and debugging, configuration verification, understanding of the technology & application integration patterns, as well as end-to-end monitoring of their IDP service. The eduID.at Demo Service Provider is no real substitute for running a SAML Service Provider yourself.

Accessing session data

To access data about your session you need to first log in (see below for ways of doing that) and select the desired rendering style from the "Demo SP" dropdown menu in the navigation bar on top of the page.

In addition to "echoing" back attributes recieved via displaying attributes recieved via SAML (to allow testing of a SAML IDP's attribute release confguration) the Demo SP also shows the (decoded, decrypted and reformatted) XML of the SAML assertion Assertion itself, as well as giving access to the web server's environment variables.

The Demo SP also makes use of the Shibboleth SP's feature to extract information from SAML metadata about the used SAML IDP, which is useful e.g. to provide detailed information to users on error pages etc. Use of similar methods in your own applications is highly recommended.

Demo IDP Discovery Services

The eduID.at Demo at Demo Service Provider also Provider also showcases 3 4 different SAML IDP Discovery Services:

Hinweis
iconfalse

Note that a real-world (non-demo) application will only ever use one type of Discovery Service for a consistent user experience.

  • Clicking on "Login" in the upper right corner will bring up the embedded DiscoJuice DS, which follows the REFEDS Discovery Guide to some degreeIn the middle of the start page you'll find the Shibboleth Embedded Discovery Service, which loads directly in the websiteredirect the browser to the SeamlessAccess DS, which uses thiss software.
  • Clicking on any protected "deep links" without a valid Session at that SAML SP (e.g. /attributes) the Shibboleth SP software will trigger session initiation using the provided ACOnet fallback discovery service .  (as in In that case the webserver will enforce protection and hence no HTML/JavaScript user interfaces can be used by the application rendered to offer an "embedded" Discovery Service).
  • In the middle of the start page you'll find the SeamlessAccess button.
  • A bit further below you'll find the Shibboleth Embedded Discovery Service.

All All three DS instances support typeahead searches as well as and most of them (all except the SeamlessAccess ones) allow chosing from lists of Identity Providers.

...

Questions about this service are always welcome on the eduID.at community mailing ilst.

Data processing

See eduID.at Demo Service Datenverarbeitung (in German language).