blob: 470b0995af7095fa1b461c9f41d1a942804d29b1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
<HTML>
<!-- Collect Stylesheet from the DS - this is needed for the autosuggest stuff -->
<link rel="stylesheet" title="normal" type="text/css"
href="static.css" />
<title>Static Discovery Service with centralised hinting</title>
<Body>
<p>
This is a boring, but static web page which shows how an signle SP can
configure their own "Discovery Service" without recouse to a Java
Container but taking full advantage of the centralised cookie server
in the Federation Discovery Service.
</p>
<p>
This DS points at a test SP in the UK Federation, and uses the
Shib/SAML1 protocol. It is a lot harder to configure (a lot like
setting up one a "WAYFless URLS". Consider it motivation to upgrade
from SAML1 to SAML2...
</p>
<!-- This is where the real lifting starts. We start with a placemarker where the previously visit -->
<div id="Hints">
</div>
<h3>Enter Organization Name</h3>
<!-- The below is for a Shib2 SP.
In order to make the changes you need two know five things
1) The EntityID of your SP.
In this case "https://sh2testsp1.iay.org.uk/shibboleth"
2) The return address for the login. Dpending on how you
configure your sessioninitiators this may include other garnish (like
&target=cookie)
In this case "https://sh2testsp1.iay.org.uk/Shibboleth.sso/DS"
3) The "shire" (the protocol return address)
In this case "https://sh2testsp1.iay.org.uk/Shibboleth.sso/SAML/POST"
4) The address of the Servlet running the centralized DS
In this case "https://sh2testsp1.iay.org.uk/secure/printenv.cgi"
5) The name of the JS and Browser discovery services ("discovery/i2.wayf"
and "discovery/js.wayf" respectively.
You then need to plug them into the form below:
-->
<form autocomplete="OFF" action="https://dlib-adidp.ucs.ed.ac.uk/discovery/i2.wayf">
<!-- This is where your entity goes -->
<input type="hidden" name="providerId" value="https://sh2testsp1.iay.org.uk/shibboleth" />
<!-- and your potentially garnished return address -->
<input type="hidden" name="target" value="https://sh2testsp1.iay.org.uk/secure/printenv.cgi" />
<!-- and the "Shire" -->
<input type="hidden" name="shire" value="https://sh2testsp1.iay.org.uk/Shibboleth.sso/SAML/POST" />
<!-- the rest is fixed -->
<input type="hidden" name="action" value="search" id="selectOrSearch" />
<input type="hidden" name="cache" value="perm" />
<input type="hidden" name="origin" value="unspec" id="enterOrigin"/>
<table border="0" cellpadding="0" cellspacing="0" width="400pr">
<tr>
<td>
<input type="text" name="string" value="" id="enterText" tabindex="50" size="54" />
</td><td align="right">
<input type="submit" id="enterSubmit" value="Search"/>
</td>
</tr>
</table>
</form>
<noscript>
<!-- Fallback to Shibboleth DS session initiator for non-JavaScript users.
You construct the URL using the values above -->
<p>
Your browser is not javascript enabled. Go to the Discovery Service <a href="https://dlib-adidp.ucs.ed.ac.uk/discovery/i2.wayf?entityID=https://spaces.internet2.edu/shibboleth&return=https://spaces.internet2.edu/Shibboleth.sso/Login">here</a>
</p>
</noscript>
<h3>Configuring</h3>
Details on how to set this up this are embedded as comments in this
web page. Currently a lot of the configuration is manual. Although
it would be feasible to automate this just as is planned for Shib2
SPs, the duplication seems needless given that the product has a 9
month shelf life.
<!-- Collect the hints and the IdP list -->
<script language="javascript"
type="text/javascript"
src="https://dlib-adidp.ucs.ed.ac.uk/discovery/js.wayf?shire=https%3A%2F%2Fsh2testsp1.iay.org.uk%2FShibboleth.sso%2FSAML%2FPOST&time=1249284798&target=https%3A%2F%2Fsh2testsp1.iay.org.uk%2Fsecure%2Fprintenv.cgi&providerId=https%3A%2F%2Fsh2testsp1.iay.org.uk%2Fshibboleth"
</script>
<!-- Collect the autosuggest code -->
<script language="javascript"
type="text/javascript"
src="https://dlib-adidp.ucs.ed.ac.uk/discovery/Suggest.js">
</script>
<!-- And some code to set up the rest of the page. You need to plug the DS base address in below -->
<script language="javascript"
type="text/javascript">
<!--
window.onload = function() {
var wayfAddress="https://dlib-adidp.ucs.ed.ac.uk/";
var i = 0;
var hints = document.getElementById("Hints");
//
// Make the hints visible
//
if (theHints.length > 1) {
var h3 = document.createElement("h3");
h3.innerHTML+="Previously visited sites";
hints.appendChild(h3);
}
//
// And populate them
//
while (i < theHints.length) {
var a = document.createElement("a");
a.href = wayfAddress + theHints[i][0];
a.innerHTML += theHints[i][1];
hints.appendChild(a);
hints.appendChild(document.createElement("p"));
i++;
}
//
// And set up the autohint
//
var ie6Hack = [ ];
var control = new TypeAheadControl(theElements,
document.getElementById("enterText"),
document.getElementById("enterOrigin"),
document.getElementById("enterSubmit"),
document.getElementById("selectOrSearch"),
ie6Hack);
document.getElementById("enterText").focus();
}
-->
</script>
</body>
</html>
|
