This space contains the old OpenAthens SP documentation and is no longer maintained.
OpenAthens SP software is already out of support and will reach end of life in May 2020.

Check out OpenAthens Keystone instead. It's supercool and makes dealing with SAML much easier.


In most cases it is easier to use Wayfinder for organisation discovery, but you can build your own discovery service if you wish. OpenAthens SP provides a flow which builds a data set from whatever metadata it loads. The data set consists of name-value pairs of entityID and OrganizationDisplayName, and you can use it as the data source for a discovery service.

The basic idea is to present the user with a way of identifying their home organisation (or IdP) so that the SP software knows where to send the user for authentication. Ideally this will be presented to them as a user-friendly typeahead, but could be a simple list of some type. Typeaheads are encouraged because they hide most of the other entities... of which there can be thousands depending on which federation(s) metadata you are consuming.

Examples:

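These examples are a guide to making the data set available to your application in a couple of popular formats - you know your own site best, so the presentation is left to you. Whatever presentation you choose, treat the requestURL cookie and the entityIDs and organisation names taken from federation metadata as untrusted input, and encode them when you write them into the page.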

Java

<%@ page language="java" contentType="text/html; charset=UTF-8"
 pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
 
<%@ page import="java.net.URLDecoder"%>
<%@ page import="java.util.ArrayList"%>
<%@ page import="java.util.List"%>
<%@ page import="java.util.HashMap"%>
<%@ page import="java.util.Map"%>
<%@ page import="javax.servlet.http.Cookie"%>
 
<%@ page import="uk.org.eduserv.openathens.atacama.GroupedValue"%>
<%@ page import="uk.org.eduserv.openathens.atacama.Parameter"%>
<%@ page import="uk.org.eduserv.openathens.atacama.ParameterEntry"%>
<%@ page import="uk.org.eduserv.openathens.atacama.ParameterSet"%>
<%@ page import="uk.org.eduserv.openathens.atacama.config.Configuration"%>
<%@ page import="uk.org.eduserv.openathens.atacama.config.Flow"%>
<%@ page import="uk.org.eduserv.openathens.atacama.modules.server.servlet.ConfigurationManager"%>
 
<%@ page import="uk.org.eduserv.openathens.library.xml.XMLEntities"%>
 
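<%
 // Discovery-page scriptlet: recovers the URL the user originally asked for
 // from the "requestURL" cookie, then invokes the flow tagged "idp" + "data"
 // to obtain the identity-provider entries for the page to present.
 String requestURL = null;
 Cookie[] cookies = request.getCookies();
 // getCookies() returns null, not an empty array, when the request has no cookies.
 if (cookies != null) {
   for (Cookie cookie : cookies) {
     //This Cookie is set when the user first attempts
     //to access protected content.
     if (cookie.getName().equals("requestURL")) {
       try {
         requestURL = URLDecoder.decode(cookie.getValue(), "UTF-8");
       } catch (IllegalArgumentException malformed) {
         // A cookie value with a broken %-escape is treated like a missing
         // cookie so the user is sent back through the protected location.
         requestURL = null;
       }
       break;
     }
   }
 }
 // NOTE(review): the cookie value is supplied by the browser. If the page
 // later uses requestURL as a form action or redirect target, confirm it
 // points at this site and HTML-encode it when writing it into markup.

 if (requestURL == null) {
   //Don't support direct access to the discovery page.
   //So redirect the user to your home page.
   //In this case the context.
   //As this should be protected the user will
   //end up back at this page.
   response.sendRedirect("/helloworld");
   // sendRedirect() does not stop the scriptlet; return so that nothing
   // further is executed or written after the redirect has been committed.
   return;
 }

 //This needs to match the OA_CONFIG_URI specified in the web.xml.
 String confURI = "https://sp.openathens.net/configurations?id=7ec153aee52929493b588d5179003e53";
 //The AtacamaBaseFilter will have initialised the configuration with
 //the ConfigurationManager, so we don't need to worry about loading it.
 Configuration conf = ConfigurationManager.getConfiguration(confURI);
 // Stays null on every failure path below; the rendering code must check for
 // null before iterating.
 List<ParameterEntry> entries = null;
 if (conf != null) {
   List<String> tags = new ArrayList<String>(2);
   tags.add("idp");
   tags.add("data");
   Flow flow = conf.getFlowByTags(tags);
   if (flow != null) {
     ParameterSet params = flow.invoke(new ArrayList<GroupedValue>(0));
     Parameter param = params.getParameterByName("xmlContent");
     if (param == null) {
       //Flow did not export any data.
       //TODO: Error handling.
     } else {
       // Entries come from loaded federation metadata; encode them on output.
       entries = param.getEntries();
     }
   } else {
     //No flow tagged "idp data".
     //TODO: Error handling.
   }
 } else {
   //Could not get Configuration.
   //TODO: Error handling.
 }
%>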


PHP

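<?php
// Builds an entityID => display-name map from the OA_DISCOVERY_DATA server
// variable and renders it as a <select> inside a form that posts the chosen
// entityID back to the URL the user originally requested.
$discovery_data = isset($_SERVER['OA_DISCOVERY_DATA']) ? $_SERVER['OA_DISCOVERY_DATA'] : '';
$entities = array();
//Create associative array of identity providers
foreach (explode("\n", $discovery_data) as $line) {
    // Each line is "<url-encoded entityID> <display name>".
    $d = explode(' ', $line, 2);
    if (count($d) < 2 || $d[0] === '') {
        // Blank or malformed line (e.g. a trailing newline): skip it rather
        // than read an undefined $d[1].
        continue;
    }
    $entities[urldecode($d[0])] = $d[1];
}
$returnURL = isset($_COOKIE['requestURL']) ? $_COOKIE['requestURL'] : '';
if (empty($returnURL)) {
    // If there is no returnURL, default to protected location.
    $returnURL = "/docs";
}
// NOTE(review): requestURL is a browser-supplied cookie. It is HTML-encoded
// below so it cannot break out of the attribute, but the form still posts to
// whatever URL it names - TODO: check it refers to this site before use.
?>
<form method="POST" action="<?php print(htmlspecialchars($returnURL, ENT_QUOTES, 'UTF-8')) ?>">
<select name="entityID">
<?php
foreach ($entities as $id => $name) {
    // entityIDs and names come from federation metadata; encode both.
    print '<option value="' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') .
        '">' . htmlentities($name, ENT_QUOTES, 'UTF-8') . "</option>";
}
?>
</select>
<input value="Go to login" type="submit" />
</form>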
Creating a


.NET

using System;
using System.Collections.Generic; using System.Linq;
using System.Web;
using Eduserv.OpenAthens;

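namespace Eduserv.OpenAthens
{
    /// <summary>
    /// Helper that exposes the identity-provider data set produced by the
    /// OpenAthens SP flow tagged "idp" and "data".
    /// </summary>
    public static class DiscoveryHelper
    {
        /// <summary>
        /// Invokes the "idp"/"data" flow of the configuration held in the
        /// current HttpApplication and collects its "xmlContent" parameter
        /// into a dictionary keyed by each entry's Group, with the entry's
        /// Value as the dictionary value.
        /// </summary>
        /// <remarks>
        /// The entries are built from loaded federation metadata, so
        /// HTML-encode keys and values when rendering them.
        /// </remarks>
        /// <returns>
        /// The collected pairs; empty when the flow returns no parameter set
        /// or no "xmlContent" parameter.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// There is no current HttpContext, no stored configuration, or no
        /// flow tagged "idp" and "data".
        /// </exception>
        /// <exception cref="OpenAthensException">The flow failed while being invoked.</exception>
        public static Dictionary<string, string> GetIdentityProviders()
        {
            Dictionary<string, string> wayfData = new Dictionary<string, string>();

            if (HttpContext.Current == null)
            {
                throw new InvalidOperationException("No current HttpContext; GetIdentityProviders must be called during a request.");
            }

            //Obtain the configuration in the current HttpApplication
            // NOTE(review): the key was split by a line wrap in the original
            // listing; confirm it matches the key your start-up code stores.
            Eduserv.OpenAthens.Atacama.Core.Config config =
                (Eduserv.OpenAthens.Atacama.Core.Config)HttpContext.Current.Application["atacamaConfig"];
            if (config == null)
            {
                throw new InvalidOperationException("OpenAthens configuration not found in application state.");
            }

            //Find the flow within the configuration that contains the IDP data
            Eduserv.OpenAthens.Atacama.Core.Flow flow = config.GetFlowByTags(new string[] { "idp", "data" });
            if (flow == null)
            {
                throw new InvalidOperationException("No flow tagged \"idp\" and \"data\" in the OpenAthens configuration.");
            }

            using (flow)
            {
                Eduserv.OpenAthens.Atacama.Core.ParameterSet ps;
                try
                {
                    // Get the data back from the flow
                    ps = flow.Invoke();
                }
                catch (Eduserv.OpenAthens.Atacama.Core.AtacamaFlowException ex)
                {
                    throw new OpenAthensException("Error retrieving idp data flow", ex);
                }

                if (ps != null)
                {
                    // Parse the data into a Dictionary
                    Eduserv.OpenAthens.Atacama.Core.Parameter xmlContent;
                    if (ps.TryGetParameter("xmlContent", out xmlContent))
                    {
                        foreach (Eduserv.OpenAthens.Atacama.Core.GroupValue gv in xmlContent)
                        {
                            // First entry wins when a Group appears more than once.
                            if (!wayfData.ContainsKey(gv.Group))
                            {
                                wayfData.Add(gv.Group, gv.Value);
                            }
                        }
                    }
                }
            }

            return wayfData;
        }
    }
}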








