Version 3 (modified by 12 years ago) (diff) | ,
---|
CLARIN Central Discovery Service
The CLARIN central discovery service is based on DiscoJuice (version 1.0), see: http://discojuice.org/.
The goal is to provide an easy to use discovery service for all CLARIN service providers. By using the same discovery service users do not have to re-login or re-select their IDP when switching between service providers. A drawback of the central discovery service is the fact that it introduce a single point of failure (SPOF). Currently we are looking into ways to make this central discovery service high availability.
Status
The CLARIN central discojuice WAYF service is currently operating as a beta service.
Currently used at the catalog.clarin.eu SPs, like the component registry: http://catalog.clarin.eu/ds/ComponentRegistry/ (click on login)
Roadmap
- We plan to release version 1 of the CLARIN central discojuice WAYF service around Christmas 2011.
- Look into high availability options.
- Upgrade to DiscoJuice 2.0
Configuration
How to use discojuice as your shibboleth WAYF?
- Get access to a discojuice WAYF:
- Host discojuice yourself (see http://discojuice.org for installation instructions).
- Use an external hosted discojuice WAYF service (http://catalog.clarin.eu/discojuice/idp.html provided by CLARIN).
- Configure a login endpoint in your SP configuration to use the discojuice WAYF service ( either 1a or 1b ), see the next section for more details.
- Use this new login endpoint
DiscoJuice login endpoint
In order to use discojuice as the WAYF service, a session initiator needs to be configured in the SPs 'shibboleth2.xml' configuration file. The 'Location' attribute specifies the login endpoint you can use to append to your handler url (/Shibboleth.sso by default) to start a shibboleth session. The 'URL' attribute of the session initiator of type 'SAMLDS' should point to the discojuice installation you want to use.
A restart of the SP is required after changing the 'shibboleth2.xml' configuration file.
Example using the CLARIN provided discojuice WAYF:
<SessionInitiator type="Chaining" Location="/DiscoJuice" id="DiscoJuice" relayState="cookie"> <SessionInitiator type="SAML2" defaultACSIndex="1" acsByIndex="false" template="bindingTemplate.html"/> <SessionInitiator type="Shib1" defaultACSIndex="5"/> <SessionInitiator type="SAMLDS" URL="http://catalog.clarin.eu/discojuice/idp.html"/> </SessionInitiator>
Of you're using Shibboleth 2.4.x you can use the following, less verbose, snipped:
<!-- use CLARIN central discovery service (DiscoJuice) --> <SSO discoveryProtocol="SAMLDS" discoveryURL="http://catalog.clarin.eu/discojuice/idp.html"> SAML2 SAML1 </SSO>
Make sure to restart shibd and the Apache webserver for changes to come into effect!
Attachments (2)
- disco-old.png (157.7 KB) - added by 12 years ago.
- disco-new.png (238.2 KB) - added by 12 years ago.
Download all attachments as: .zip