Shibboleth 2.4.3 SAML2 and WAYF

Cantor, Scott cantor.2 at
Fri Jan 13 20:17:38 GMT 2012

On 1/13/12 3:10 PM, "Law, Bob" <Robert.Law at> wrote:

>Will do.  I guess I will tell my coworkers that we need to do an
>entirely fresh install of 2.4.3.  Does the embedded DS eliminate the
>need for WAYF?

I don't know specifically what you mean by "WAYF" in the abstract. The
concept of a WAYF was a discovery interface and the original protocol was
a relay for old requests to Shibboleth 1.x IdPs. The DS concept is a
modern replacement that speaks a different protocol and handles any SSO
protocol between the SP and IdP. Most DS software implements both the old
and new discovery protocols for compatibility. The EDS doesn't because it
assumes an SP that speaks the new one so there's no reason to do both.

Any given WAYF is/was a specific deployment that addresses some service
and/or community in some specific way. Replacing that means addressing
whatever that community's needs were in the UI and so forth, apart from
just substituting one protocol for another.

Most WAYFs were also hosted centrally by federations. The EDS is designed
to assist SPs that host their own with more UI integration than a stand
alone DS application tends to support.

-- Scott

More information about the users mailing list