InCommon Discovery Service

As of 5 January 2011, the InCommon Discovery Service is a production service. Visit our web site for a brief history of discovery and other information about the InCommon Discovery Service.

...

Visit the Discovery Service FAQ for more information about the InCommon Discovery Service.

Software and Metadata Considerations

Configuring Metadata for Discovery

If your SP supports SAML V2.0, and the SP is configured to use the SAML V2.0 Identity Provider Discovery Protocol, you must configure your SP's metadata to include one or more <idpdisc:DiscoveryResponse> elements. If you don't, a request to a properly configured discovery service endpoint (such as the InCommon Discovery Service) will fail.

...

The Discovery Service and the IdP have similar requirements with respect to metadata. Both components will redirect the browser user back to the SP, but only to a trusted endpoint at the SP. Those endpoints must be called out in SP metadata; otherwise, the protocol is violated and the redirect will not occur.
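The check described above can be sketched as follows. This is an added example, not InCommon's or any SP software's own code: the sample metadata and the sp.example.org names are constructed, the metadata is assumed to have been signature-verified already, and the matching rule (scheme, host and path must be identical, query string ignored) is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
IDPDISC = "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"

# Constructed SP metadata; sp.example.org is a placeholder, not a real entity.
SAMPLE_METADATA = f"""
<md:EntityDescriptor xmlns:md="{MD}" xmlns:idpdisc="{IDPDISC}"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <idpdisc:DiscoveryResponse index="1" Binding="{IDPDISC}"
          Location="https://sp.example.org/Shibboleth.sso/Login"/>
    </md:Extensions>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def discovery_endpoints(metadata_xml, entity_id):
    """Return the DiscoveryResponse Locations listed for entity_id."""
    root = ET.fromstring(metadata_xml)
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        if entity.get("entityID") != entity_id:
            continue
        return [el.get("Location")
                for el in entity.iter(f"{{{IDPDISC}}}DiscoveryResponse")
                if el.get("Binding") == IDPDISC and el.get("Location")]
    return []  # unknown SP: no endpoint is trusted

def _endpoint_key(url):
    # Assumed matching rule: scheme, host and path must be identical;
    # the query string and fragment are ignored.
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.netloc.lower(), parts.path)

def is_trusted_return(metadata_xml, entity_id, return_url):
    """True only if return_url matches an endpoint in the SP's metadata."""
    allowed = {_endpoint_key(loc)
               for loc in discovery_endpoints(metadata_xml, entity_id)}
    return _endpoint_key(return_url) in allowed
```

An SP whose metadata lacks the <idpdisc:DiscoveryResponse> element yields an empty allow-list, so every return URL is refused, which is the failure the section above describes.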

Configuring your SAML Service Provider Software

In general, configuring your SP software for discovery depends on the protocol(s) it supports. If your SP supports SAML V1.1 only, you must configure your SP to use the legacy WAYF protocol, which is based on the proprietary Shibboleth 1.x AuthnRequest protocol. If your SP supports SAML V2.0 only, you must configure your SP to use the SAML V2.0 Identity Provider Discovery Protocol. In that case, you must configure SP metadata as described in the previous section.

...