
shibboleth-dev - Re: [Shib-Dev] Central WAYF + Distributed WAYF - Disadvantages = Embedded WAYF

Subject: Shibboleth Developers

  • From: Lukas Haemmerle <>
  • To:
  • Subject: Re: [Shib-Dev] Central WAYF + Distributed WAYF - Disadvantages = Embedded WAYF
  • Date: Thu, 25 Sep 2008 08:53:22 +0200
  • Organization: SWITCH - Serving Swiss Universities

> I didn't realize you had a way to filter it. I guess that makes more sense,
> but the multiple federation issue remains a dealbreaker for me.

Well, as mentioned, you can have (in theory) an arbitrary number of IdPs
from different federations in the embedded WAYF (in the current example
there are only 3 IdPs at the bottom of the list from other federations).
However, at some point it gets unusable with the current UI :)


>> What exactly are you referring to when speaking about the trivial
>> WAYF/DS that already is bundled with the SP? Just a page with links to
>> /Shibboleth.sso/Login?entityId=XY or the template based
>> SessionInitiator? Can you provide an example site that uses something
>> like this?
>
> The template, but it amounts to the same thing. But if you're suggesting
> that you expect the SP to drive the WAYF by providing the list of IdPs to
> display, then it's basically equivalent.

Almost, the embedded WAYF has some more advantages in comparison to
that. Besides the fact that the deployment probably is slightly easier
(copy&paste + minor configuration), the usability is increased (your IdP
gets preselected even if you never have been on that SP because the
_saml_domain cookie is read from the central WAYF where you most
probably have been and you even could get redirected automatically if
the checkbox "remember for this session" was checked before) and the
federation coordinator gets better statistical data.


> It's just a form that posts the
> selected entityID back to the same location.

Ok, well, that's exactly the behaviour that you get in the embedded WAYF
when you select an IdP from another federation (one of the bottom three
in the example).

Anyway, this still is just a proof-of-concept but I think we will try to
convince people in SWITCHaai to give it a try. Then we will see how it
is accepted. Thanks for the feedback :)

Lukas

--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Security
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
http://www.switch.ch


