Discovery Service Integration

Discovery Service Integration

By far the easiest integration is to use Seamless Access service as a standard SAML identity provider discovery service (DS). The DS URL is - you will use this URL in your SPs configuration where appropriate. Here is how to do this for two common SP software stacks:


In the file /etc/shibboleth/shibboleth.xml modify the SSO element to read:

1 2 3 <SSO discoveryProtocol="SAMLDS" discoveryURL=""> SAML2 </SSO>

For a complete set of options related to discovery see the shibboleth documentation.


In authsources.php (relative to the SSP config directory) find your SAML authentication source (often named ‘default-sp’) and set the discoURL parameter to

1 2 3 4 5 6 'default-sp' => array( 'saml:SP', 'entityID' => NULL, 'discoURL' => '', .... ),

For more details visit the SSP documentation.