Search

Skip to end of metadata
Go to start of metadata

You will need to do three things:

Add a discovery response binding to your metadata in the <Extensions> section- e.g:

<Extensions>
   ...
      <idpdisc:DiscoveryResponse xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" Location="https://shibsp.yourdomain.com/Shibboleth.sso/DS" index="1"/>
   ...
</Extensions>

... then add the discovery service to your shibboleth.xml configuration file in the SSO section in place of any singular IdP definition:

 <SSO
     discoveryProtocol="SAMLDS" discoveryURL="https://wayfinder.openathens.net">
     SAML2 SAML1
 </SSO>

For the OpenAthens federation you will need to add the discovery return URL to your SAML endpoints via the publisher dashboard:

  • Go to the SAML endpoints tab and click the add endpoint button

  • Select discovery return URL, enter the value and click done

  • Click Save changes
  • It will take up to 15 minutes for the change to take effect

If you are in other federations, first check that your metadata now includes an <idpdisc:DiscoveryResponse> section and then get the federations you have joined to update their metadata. How this is done can vary by federation, but you will usually have to tell them.

  • No labels