en:discovery [2021/03/04 09:42] – Silke Meyer | en:discovery [2024/02/13 09:23] (current) – [WAYFless URLs] Wolfgang Pempe |
---|
===== DFN's central Discovery Services ===== | ===== DFN's central Discovery Services ===== |
| |
We run public Discovery Services that can be used by SP operators. These Discovery Services fetch information about available IdPs from the current metadata for DFN-AAI (Advanced), DFN-AAI-Basic, DFN-AAI-Test, and eduGAIN. | We run public Discovery Services that can be used by SP operators. These Discovery Services fetch information about available IdPs from the current metadata for DFN-AAI, DFN-AAI-Test, and eduGAIN. |
| |
* For Shibboleth SPs, the integration is documented on the page about [[en:production#discovery_service|Production]]. | * For Shibboleth SPs, the integration is documented on the page about [[en:production#discovery_service|Production]]. |
| |
* [[https://www.ukfederation.org.uk/library/uploads/Documents/WAYFlessGuidance.pdf|Best Practice: WAYFless Access to Resources - Configuring on a Service and Using in a Portal]] (very detailed) | * [[https://www.ukfederation.org.uk/library/uploads/Documents/WAYFlessGuidance.pdf|Best Practice: WAYFless Access to Resources - Configuring on a Service and Using in a Portal]] (very detailed) |
* [[https://spaces.internet2.edu/display/inclibrary/Best+Practices|Best Practice recommendations of the US federation InCommon]] | * [[https://spaces.internet2.edu/display/inclibrary/Best+Practices|Best Practice recommendations of the US federation InCommon]] (Best Practice #2) |
| |
Some SP operators have documented the generation of WAYFless URLs for their platform: | Some SP operators have documented the generation of WAYFless URLs for their platform: |
* [[https://www.conf.dfn.de/beschreibung-des-dienstes/aai-freischaltung/|DFNconf and DFN-Webconf]] (in German) | * [[https://www.conf.dfn.de/anleitungen-und-dokumentation/dfnconf-portal/aai-freischaltung|DFNconf and DFN-Webconf]] (in German) |
* [[https://www.elsevier.com/solutions/sciencedirect/support/federated-authentication-through-saml|Elsevier for ScienceDirect]] | * [[https://service.elsevier.com/app/answers/detail/a_id/28537/supporthub/elsevieraccess/|Elsevier]] |
* [[https://springeronlineservice.freshdesk.com/support/solutions/articles/6000085989-what-is-a-wayfless-url-|Springer Online]] | * [[https://idp.nature.com/help/sso#wayfless|Springer Nature]] |
* [[https://www.ukfederation.org.uk/content/Documents/AvailableServices|List of Service Providers in the UK federation]], also applicable for DFN-AAI as URL configuration does not depend on the federation | * [[https://www.ukfederation.org.uk/content/Documents/AvailableServices|List of Service Providers in the UK federation]], also applicable for DFN-AAI as URL configuration does not depend on the federation |
| |
==== Konfiguration am Shibboleth SP ==== | ==== Configuration on a Shibboleth SP ==== |
Bei einem Shibboleth SP hat ein WAYFless URL in der Regel die Form: | On a Shibboleth SP a WAYFless URL has the format. ''<RESOURCE-LOCATION>'' is the protected URL.<code bash>https://<FQDN_SP_HOST>/Shibboleth.sso/Login?entityID=<ENTITYID_IDP>&target=<RESOURCE-LOCATION></code> |
| |
https://<FQDN_SP_HOST>/Shibboleth.sso/Login?entityID=<ENTITYID_IDP>&target=<RESOURCE-LOCATION> | ==== Configuration on a SimpleSAMLphp SP ==== |
| With SimpleSAMLphp a WAYFless URL looks like this by default. ''<AUTH_ID>'' is the name resp. the ID of the authentication source (type: ''saml:SP''), in general ''default-sp''.<code bash>https://<FQDN_SP_HOST>/simplesaml/module.php/core/as_login.php?AuthId=<AUTH_ID>&ReturnTo=<RESOURCE-LOCATION>&saml:idp=<ENTITYID_IDP></code> |
wobei ''<RESOURCE-LOCATION>'' der vom SP geschützte URL ist. | |
| |
==== Konfiguration in SimpleSAMLphp ==== | |
Bei simpleSAMLphp sieht ein solcher URL standardmäßig wie folgt aus: | |
| |
https://<FQDN_SP_HOST>/simplesaml/module.php/core/as_login.php?AuthId=<AUTH_ID>&ReturnTo=<RESOURCE-LOCATION>&saml:idp=<ENTITYID_IDP> | |
| |
wobei ''<AUTH_ID>'' der Name bzw. die ID der betreffenden Authentication Source (Typ: ''saml:SP'') ist, üblicherweise ''default-sp''. | |
| |
{{tag>wayf discovery eds}} | {{tag>wayf discovery eds}} |
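Review bot: The new "Configuration on a Shibboleth SP" and "Configuration on a SimpleSAMLphp SP" paragraphs show the URL templates but never say that the values substituted for ''<ENTITYID_IDP>'' and ''<RESOURCE-LOCATION>'' must be percent-encoded. Both values are placed inside a query string, an entityID typically contains '':'' and ''/'', and a target may carry its own ''?'' and ''&'', which would otherwise be read as parameters of the login URL itself. Suggest adding one sentence on encoding under each template. Two wording points in the same lines: "has the format." closes the sentence before the format is shown, so something like "has the following format, where ''<RESOURCE-LOCATION>'' is the protected URL:" reads better, and "resp." in the SimpleSAMLphp sentence is a German abbreviation where "or" is clearer. The ''<code bash>'' tag also labels a URL as shell; a plain ''<code>'' block would fit.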