SAML2 based federations consist of services represented by Service Providers (SP) and Home Organizations represented by Identity Providers (IdP). Services rely on Home Organizations to identify the users and for that to happen, the services usually need to be able to direct the user to correct Home Organization. The number of Home Organizations is - particularly in eduGAIN - so vast that users potentially have to select their Home Organization from a long list of organizations which can access a particular service. Showing this (long) list of Home Organizations requires a so-called Identity Provider Discovery Service. Instead of operating a Discovery Service itself, a service operator can rely on a central Discovery Service, which is operated by a third party. A centrally maintained Discovery Service offers users a list of Home Organizations to pick from.

In the following we describe one particular Discovery Service for eduGAIN, the eduTEAMS Discovery Service.

eduTEAMS Discovery Service

The eduTEAMS Discovery service is one of several service components that form the GÉANT eduTEAMS service. Even though the name implies it, the eduTEAMS Discovery Service is not limited to be used by eduTEAMS services but in fact can be used by all eduGAIN Service Providers.

If you want to see the Discovery Service in action. Have a look at this eduTEAMS Discovery Service Demo, which shows all IdPs that have the

GÉANT Data Protection Code of Conduct or the REFEDS Research & Scholarship entity categories but hides all IdPs that have the Hide-From-Discovery entity category.

Benefits of the eduTEAMS Discovery Service

• Modern SAML2-compliant Discovery Service implementation
• Hosted in a high availability infrastructure of 3 or more nodes
• Available to all eduGAIN Service Providers for free
• Very simple to integrate into a SP web page thanks to embedded Discovery Service Javascript
• Support for many languages (if your language is not yet supported and you would like to contribute, please contact support@eduteams.org)
• Allows custom-tailoring list of IdPs based on SAML entity categories or with black/white listing individual IdPs.

Target User of eduTEAMS Discovery Service

The eduTEAMS Discovery Service is a centrally maintained Discovery Service intended to be used by eduTEAMS services in particular, and all eduGAIN services in general as its usage is not restricted.
The service is provided as-is.

Origins

The eduTEAMS Discovery Service is based on the CESNET Discovery Service implementation, which has been operational since 2012. CESNET operates the service for eduTEAMS on behalf of GÉANT.

Known Limitations

• When the user's web browser has support for third party cookies disabled, the embedded version of the eduTEAMS Discovery Service cannot store the cookies so that they are also available on another web page that also uses the same embedded Embedded WAYF.
• When a user's eb browser has disabled support for JavaScript, the user is redirected to the static version of the eduTEAMS Discovery Service. The static version of the Discovery Service doesn't, however, offer saved IdPs.

Support, Bugs and Feature Requests

The eduTEAMS Discovery Service is supported by eduTEAMS support, support@eduteams.org.

Instructions on how to use the eduTEAMS Discovery Service

• How to integrate a Service Provider to make use of the eduTEAMS Discovery Service
• Information for Identity Providers on how an IdP is shown in the Discovery Service and what data is used to present it
• How to use as End User, instructions for end users.