Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
bgColor#f8f8f8
titleImportant Note

The DSX Discovery Service (formerly known as eduTEAMS Discovery Service) allows services to implement an (embedded) Identity Provider discovery.

Currently, the service is in a pilot phase. The pilot phase ends end 2020. After December 31st 2020, the service will be decomissioned. We recommend to have a look at the GÉANT-operated Seamless Access Discovery Service service as alternative.

This section contains functional and technical documentation on how to use the discovery service if you are a administrator of a service.



Image Added


SAML2 based federations consist of services represented by Service Providers (SP) and Home Organizations represented by Identity Providers (IdP). Services rely on Home Organizations to identify the users and for that to happen, the services usually need to be able to direct the user to correct Home Organization. The number of Home Organizations is - particularly in eduGAIN - so vast that users potentially have to select their Home Organization from a long list of organizations which can access a particular service. Showing this (long) list of Home Organizations requires a so-called Identity Provider Discovery Service. Instead of operating a Discovery Service itself, a service operator can rely on a central Discovery Service, which is operated by a third party. A centrally maintained Discovery Service offers users a list of Home Organizations to pick from.

In the following we describe one particular Discovery Service for eduGAIN, the DSX Discovery Service.

DSX Discovery Service

The DSX Discovery service is general-purpose SAML2 Discovery Service available to all services that are part of the interfederation service eduGAIN.


Image Added

If you want to see the Discovery Service in action. Have a look at this DSX Discovery Service Demo, which shows all IdPs that have the

GÉANT Data Protection Code of Conduct or the REFEDS Research & Scholarship entity categories but hides all IdPs that have the Hide-From-Discovery entity category.


Benefits of the DSX Discovery Service

  • Modern SAML2-compliant Discovery Service implementation
  • Hosted in a high availability infrastructure of 3 or more nodes
  • Available to all eduGAIN Service Providers for free
  • Very simple to integrate into a SP web page thanks to embedded Discovery Service Javascript
  • Support for many languages (if your language is not yet supported and you would like to contribute, please contact support@edugain.org)
  • Allows custom-tailoring list of IdPs based on SAML entity categories or with black/white listing individual IdPs.

Target User of DSX Discovery Service

The DSX Discovery Service is a centrally maintained Discovery Service intended to be used by all eduGAIN services in general as its usage is not restricted.
The service is provided as-is.

Origins

The DSX Discovery Service is based on the CESNET Discovery Service implementation, which has been operational since 2012. CESNET operates the service on behalf of GÉANT in a pilot phase.

Known Limitations

  • When the user's web browser has support for third party cookies disabled, the embedded version of the DSX Discovery Service cannot store the cookies so that they are also available on another web page that also uses the same embedded Embedded WAYF.
  • When a user's web browser has disabled support for JavaScript, the user is redirected to the static version of the DSX Discovery Service. The static version of the Discovery Service doesn't, however, offer saved IdPs.

Support, Bugs and Feature Requests

The DSX Discovery Service is supported by eduGAIN support, support@edugain.org.

Instructions on how to use the DSX Discovery Service