- Wayfinder is available to InCommon-registered services. If your service is not in InCommon, we suggest connecting directly to SeamlessAccess.
- Your Service Provider (SP) must support the OASIS SAML V2.0 Identity Provider Discovery Protocol and Profile.
Edit your metadata to include at least one Discovery Response Endpoint:
- Sign in to Federation Manager
- Find your SP; find the Discovery Response Endpoint section; click edit/add.
- Enter your Discovery Response Endpoint URL in the Location input box; click save.
- Navigate to the Attribute Consumer Service section to configure at least one valid SAML V2.0 endpoint.
Fill out the Metadata User Interface (MDUI) section of the metadata completely and with care.
During sign in, Wayfinder displays at least the DisplayName in your SP metadata to the user. This is how the user recognizes which service they are signing into. The name you choose should be clear and distinctly identifies your particular service.
For example, University of America configures its Zoom service to use Wayfinder. A good DisplayName for U of A's Zoom is "University of America Zoom Video Conference Service". On the other hand, "Zoom", or "UA Zoom" would be poor, ambiguous name choices.
The Discovery Response Endpoint, or the "Location" attribute in the <idpdisc:DiscoveryResponse> metadata element, is a return address at the SP. After a user has chosen their preferred home organization, Wayfinder redirects the user back to the SP's Discovery Response Endpoint.
To maintain the security of the sign-in process, Wayfinder will only redirect the user to the Discovery Response Endpoint specified in the SP's InCommon-registered metadata.
Configure your software so that when user sign in is needed, re-direct the user to the InCommon Wayfinder, per OASIS Identity Provider Discovery Service Protocol and Profile. InCommon Wayfinder is located at:
https://wayfinder.incommon.org/
See: Configuring Shibboleth SP to use Wayfinder
When redirecting a user to Wayfinder, construct the redirect URL to contain at least the URL-encoded value of your SP's SAML entityID. For example, an SP with an entityID of https://foo.net/sp would construct the following redirect URL:
https://wayfinder.incommon.org/DS/WAFY?entityID=https%3A%2F%2Ffoo.net%2Fsp
See OASIS Identity Provider Discovery Service Protocol and Profile for additional query string parameter options.