WAYF alternatives

Peter Schober peter.schober at univie.ac.at
Fri May 26 08:02:54 EDT 2017


* Jozef Misutka <misutka at ufal.mff.cuni.cz> [2017-05-26 12:33]:
> I would like to ask you about your experience with different WAYF solutions
> (embedded/standalone page that lists IdPs that can be used with our SP) .

The best we have is probably this: https://discovery.refeds.org/
Based on the NISO ESPRESSO standard and actual UX testing, IIRC.

> When larger inter federations are used, even widely used solutions
> have their issues.

You'll need to be more specific, but generally that will be the case
for everything and anything.

> Developing a new one is relatively easy but we would rather re-use
> existing solution.

Hard to recommend anything based on the lack of specifics.
E.g. if you're in the market for a single DS shared across many SPs
then deployment complexity isn't relavant, as there will only be one
install to look after.

Personally I use the Shibboleth EDS everywhere, "embedded" into (or
co-located with) every individual SP, but in a pinch also as
standalone service shared between services (e.g. used across a whole
VO or research project, e.g. all of CLARIN or whatrever).
Its huge benefit is that is has no dependency on external services,
other than something that can produce a suitable JSON feed (commonly
done by the Shib SP software, which often will also be the most
straight forward and secure way to do so).

[ Contrary to e.g. DiscoJuice, which depends on a central domain and
service (though you can hack the code to remove this dependency or
replace it with a dependecy you control), also it's de facto
abandonware, since noone picked up when Andreas moved on. ]

It's not trivial (for me) to modify/adapt the EDS more heavily,
though, and there's the issue of (failing) language detection in some
browsers (Chromium/Chrome at least).
There are possible workarounds for the language issue, discussed in
the Shibboleth issue tracker, but nothing has been implemented in the
many years this has been reported/discussed.
So one issue with the EDS is lack of manpower and/or contributions.
(Inventing something else will not magically avoid this problem,
generally speaking.)

SWITCHwayf certainly has a pleasant UI (e.g. typeahead and dropdown
list in one UI element, combining the two different views in the Shib
EDS) and the "embedded" variant is extremely adaptable, it does depend
on PHP software on a(nother) server, though, generating its feed.

pyFF has a nice UI but requires pyFF running somewhere (D'oh) which
isn't the easiest thing in the world either.
Have a look at the latest (as per today) post to the pyff-users
mailing list (cf. http://pyff.io/ ), though. LeifJ posted a strawman
on "future discovery", trying to revive Milan S.'s idea of a central
discovery "memory" to some degree.

CESNET have created their own DS, initially to replace DiscoJuice
(AFAIR, partially because DiscoJuice had issues on the
iPocketComputer) but I'm not aware of any use outside CESNET.
That doesn't mean it's bad (or good) design- or code-wise, of course.

-peter


More information about the users mailing list