-
Notifications
You must be signed in to change notification settings - Fork 23
My own WAYF
##Running your own WAYF
As OpenConext is a SAML2 Proxy, by default IdPs connected to the platform are not exposed to Service Providers (SPs). Instead, SPs connect to the (single) Proxy IdP, which will automatically serve a WAYF if appropriate. The WAYF will contain only these IdPs that have been given access to the SP.
However, several scenarios exist where a Service Provider would like more control over the WAYF:
- Custom WAYF: The SP want to present its own specifically tailored or branded WAYF
- WAYF-less URLs: The SP want to redirect user directly towards a specific IdP
Transparent Proxy allows the SP to have 'direct' access to an IdP, without the need for the IdP to link directly to an SP.
The Transparent proxy feature of OpenConext exposes all IdPs at a unique endpoint on the OpenConext SAML endpoint. An EntitiesDescriptor is available for all IdPs. In addition it is possible to query the OpenConext EngineBlock for a list of SP-specific IdPs (i.e., the IdPs that have access to the SP as configured via ServiceRegistry).
- To query all available IdPs go to the IdP EntitiesDescriptor: https://engine.demo.openconext.nl/authentication/proxy/idps-metadata
- To query all available IdPs per SP, query the IdP EntitiesDescriptor with the SP entityID as a parameter: https://engine.demo.openconext.nl/authentication/proxy/idps-metadata?sp-entity-id=SPentityID