Shibboleth Developers

[Thomas Lenggenhager <>]

How about a flexible and lightweight WAYF? It could be used either
 - centrally in a federation for all SPs who do not want
   to care about an own WAYF, or
 - as a local WAYF run by an SP with just a list of its partner IdPs.

We are thinking about implementing such a WAYF in PHP (since
we know it better than JSP) which could look like this:

- preprocess the sites.xml into a PHP include file which contains
  the required information in a PHP data structure.

  This preprocessing could exclude and merge IdPs as required
  for the purpose. It off-loads the XML parsing from the WAYF
  and is only necessary whenever the input changes.
  One could also imagine to support a hierarchical data structure
  allowing to group IdPs on whatever criteria needed, e.g.
  geographical or type of institution. 

- an additional permanent cookie stores the IdP selected at
  the last visit.

  That is not intended for fully automatic redirection as the
  current session cookie. But in case there is no session cookie
  set it allows to preselect the IdP that in most cases a user
  will only have to hit OK. Unless he has multiple identities at
  different IdPs.

- the WAYF will read the include file and process the cookies
  to present the IdP selection list to the user.

Thomas