Main Goal of Discovery Service
Peter Schober
peter.schober at univie.ac.at
Thu May 7 10:24:53 EDT 2015
* Surinaidu Majji <pioneer.suri at gmail.com> [2015-05-07 16:16]:
> This is probably too general question but We want to get clarification.
> The main purpose of Shibboleth discovery service is to route the user to
> select an idp from the list of idp's
Yes, to give the user human-friendly names for IDPs (or their owners), and
return to the SP an entityID.
> This same functionality can be achieved in a normal way(simply
> developing a module(web page) to show list of idp's),
Yes.
You can put that into your application, statically, and change it,
once a change becomes necessary (e.g. the IDP changing its
displayName).
Like with everyting else: You can use SAML metadata as a standardized,
machine-readable format to manage that information, or you can chose
any other way that suits you (incl hardcoding 2 organisation names
with one entityID each, and be done with it).
> 1)why to go for shibboleth discovery service?
So that you don't have to roll your own, esp for larger number of
IDPs. E.g. if you don't need any dynamic features (IDP being added and
removed all the time; IDPs or their owners changing names; changing
logos from the IDPs, etc.pp.) and if none of the information you want
to show in the DS is currently managed in SAML metadata, there's
nothing of value those services would give you.
As we've already covered on this list several times now: As you only
have 2 IDPs now (IIRC, with a potential 3rd one later), there's no
need to use a discovery service. There's no hurt in using one either.
-peter
More information about the users
mailing list