Shibboleth Developers

[Ryan Abernathey <>]

I am setting up something like this right now. Our WAYF is a cgi that  
guesses the IdP based on the client's dns name or ip address. These  
addresses are matched up to a database table that maps the network of  
origin to a specific IdP. No hint is required from the SP.

Something like that might work for you if most of your users are  
connecting from University campus networks.

On Sep 16, 2005, at 9:17 AM, Lukas Haemmerle wrote:

> Hello
>
> One of our customer sites has an SP they will primarily use  
> internally.
> Mostly, the user will choose the local IdP at the WAYF. They would  
> like
> to have the own IdP pre-selected in the WAYF drop-down list, even for
> first time visitors at the WAYF.
>
> Pre-selecting the most probably best fitting IdP entry for a user can
> either be achieved by a cookie set the first time a user comes accross
> the WAYF (the cookie expires after some weeks). We have already added
> this feature to our WAYF and this works quite well. But first time
> visitors at the WAYF have to choose it themselves.
>
> A solution we envisage for first time users is the following:
> The SP provides a hint to the WAYF. Say, if 80% of an SP's users come
> from UniversityX the SP could send the user to the WAYF with an
> additional and completely optional argument that is likely for most
> users to pre-select the fitting entry.
>
> There are several possibilities one could solve that:
>
> 1. Append virtual path to WAYF
> The Shibboleth config of the SP would use something like
>
>   https://www.wayf.com/WAYF/UniversityX
>
> as WAYF url. So a user would actually be redirected to the WAYF with
> https://www.wayf.com/WAYF/UniversityX? 
> shire=...&target=...&providerID=...
>
> and the actual WAYF script would be appended by a "virutal" path
> ("/UniversityX") that is completely optional but gives the WAYF a hint
> what entry to select in the drop-down list if the user doesn't have a
> cookie set yet.
> This may involve some web server configuration (3 lines of code
> for Apache2 and a PHP WAYF) and some kind of mapping in the WAYF  
> script.
>
> 2. Append an argument to the WAYF URL
> The hint, of course, could also be provided as an additional argument,
> e.g. '&defaultProviderId=...' The problem with this solution is  
> that if
> one configures Shibboleth with a WAYF URL like
> 'https://www.wayf.com/WAYF?defaultProviderId=blablabla' this causes
> problems because Shibboleth itself appends an argument string like
>  '?shire=...&target=...&providerID=...'
> You would have two '?' in the URL, which is illegal for an URL  
> according
> to RFC 1738.
>
> We see these options:
> 2.a. Shibboleth checks the WAYF URL string from the config file and  
> adds
> either a '?' or a '&' before the rest of the arguments get appended.
>
> 2.b. An additonal config parameter could be used to append custom
> arguments. This would involve extending the configuration schema
>
> 2.c. An optional string like '{}' could be used as place holder in the
> config file for the WAYF URL, so that you could determine yourself  
> where
> to insert the shire/target/providerID arguments in the URL.
> So in the example from above
>   'https://www.wayf.com/WAYF?{}&defaultProviderId=blablabla'
>
> What is your opinion on this?
>
> We are aware that this is not something of high importance but
> nice-to-have and we would just like to hear what other Shibboleth
> admins have to comment on this.
>
> Option 1  needs no changes to Shibboleth SP code, but just to the
> WAYF, so it is the fastest to deploy. However, in the longer run,  
> option
> 2 would be simpler.
>
> Cheers
> Lukas
>
> --
> -------  SWITCH - The Swiss Education & Research Network  ------
> Lukas Haemmerle          NetServices       http://www.switch.ch/
> SWITCH,  Neumuehlequai 6, P.O. Box,  CH-8021 Zurich, Switzerland
> Email: 
>
>   Tel: +41442681564  Fax: +41442539898