Integration of Discovery Service
upadrista.sarath at gmail.com
Tue May 5 01:44:46 EDT 2015
We are using Shibboleth's IDP, version 2.4.0. We have written our own
Service Provider, which will prepare a SAML request to Shibboleth's IDP
before successful authentication, whenever the user is trying to access the
protected resource, and process the SAML response of the IDP after successful
authentication. We use
Authentication method and ExternalAuthn type login handler. By using the
ExternalAuthn type login handler we are calling to our own DataBase for the
Now we have got a new requirement for the SSO. We have got a new third
party authentication system which has the capability to do the
authentication. It has got a separate database by nature and will show its
own login page. We call it the SIICA Authentication system. We are not sure
whether it is similar to Shibboleth's IDP because it doesn't know how to
process SAML request.
So, after some investigation we came across a new service named Discovery
Service, which has the capability to discover the IDPs and ask the user to
choose the IDP from which he wants to do the authentication.
Below are my questions on the Discovery Service:
There are two kinds of Discovery Service:
1) Embedded Discovery Service:
On studying this DS, I found that it is tightly coupled with
Shibboleth's SP. Am I correct? Is it possible to integrate this DS
into our Service Provider, which is not Shibboleth?
2) Centralized Discovery Service:
If there are more IDPs then this is better. We have got two IDPs
and in future one more may be added. So, is it a better choice to use the
Centralized Discovery Service in our project?
Please suggest, based on the requirement above, how I can implement the
Shall I write my own Discovery Service or use the Shibboleth's Discovery
Thanks & Regards,