saml2 embedded discovery service in the guanxi service provider
Wed, Jan 26, 2011
The Internet2 Embedded Discovery Service (EDS) was recently released in beta, so I thought I'd plumb it into the Guanxi Service Provider. The install instructions are pretty simple and the JSON schema is here. You basically just copy the files to somewhere on your SP, then feed it JSON generated from the metadata the SP consumes as part of its normal duties, and Bob's your uncle.
Embedding it in Guanxi was fairly simple since I rejigged the profile handling into what is essentially a Profile Controller, called the Generic Profile Service (GPS). Guards redirect to this when requesting federated access, and by inserting a new handler, SAML2DiscoveryProfileService, I could easily create a feedback loop to replay the Guard request, but populated with an entityID chosen by the user from the EDS.
What happens now is that the SAML2 metadata parser, which usually runs once an hour, interacts with the DiscoveryFeedManager to pass it entities to manage for the EDS. The DiscoveryFeedManager then generates a correct JSON feed for the EDS. So what the user sees depends on the metadata the SP is consuming.
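The metadata-to-feed step and the feedback loop described above, as an added Python example that is not Guanxi's own code: it builds EDS feed entries (`entityID`, `DisplayNames`) from the IdP entities in SAML2 metadata and accepts an entityID coming back from the EDS only if it is in that feed. The function names, the sample metadata and the allow-list check are assumptions made for illustration, and the metadata is assumed to have been signature-verified before parsing.

```python
import json
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed sample metadata: two IdPs and one SP (the SP must not reach the feed).
SAMPLE_METADATA = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                       xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="https://idp.example.org/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions><mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
      </mdui:UIInfo></md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp.example.net/idp">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <md:Organization>
      <md:OrganizationDisplayName xml:lang="en">Example College</md:OrganizationDisplayName>
    </md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def _names(nodes):
    """Turn DisplayName-style elements into EDS {value, lang} pairs."""
    return [{"value": n.text.strip(), "lang": n.get(XML_LANG, "en")}
            for n in nodes if n.text and n.text.strip()]

def build_feed(metadata_xml):
    """Return one EDS feed entry per entity that has an IDPSSODescriptor."""
    feed = []
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SP-only entities are not offered to the user
        names = (_names(idp.findall("md:Extensions/mdui:UIInfo/mdui:DisplayName", NS))
                 or _names(entity.findall("md:Organization/md:OrganizationDisplayName", NS)))
        entry = {"entityID": entity.get("entityID")}
        if names:
            entry["DisplayNames"] = names
        feed.append(entry)
    return feed

def accept_choice(feed, returned_entity_id):
    """Accept the entityID sent back by the EDS only if it came from the feed."""
    known = {entry["entityID"] for entry in feed}
    return returned_entity_id if returned_entity_id in known else None

if __name__ == "__main__":
    print(json.dumps(build_feed(SAMPLE_METADATA), indent=2))
```

Because the entityID in the return URL is user-controlled input, checking it against the current feed keeps the replayed Guard request limited to IdPs the SP's metadata actually contains.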
Some essential reading: