Skip to end of metadata
Go to start of metadata

You will need to do three things:

Add a discovery response binding to your metadata in the <Extensions> section- e.g:

      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="" index="1"/>

... then add the discovery service to your shibboleth.xml configuration file in the SSO section in place of any singular IdP definition:

     discoveryProtocol="SAMLDS" discoveryURL="">
     SAML2 SAML1

For the OpenAthens federation you will need to add the discovery return URL to your SAML endpoints via the publisher dashboard:

  • Go to the SAML endpoints tab and click the add endpoint button

  • Select discovery return URL, enter the value and click done

  • Click Save changes
  • It will take up to 15 minutes for the change to take effect

If you are in other federations, first check that your metadata now includes an <idpdisc:DiscoveryResponse> section and then get the federations you have joined to update their metadata. How this is done can vary by federation, but you will usually have to tell them.

  • No labels