Integrating the Login Button with your SAML SP

Owned by Heather Flanagan
Last updated: Oct 23, 2020 by Matthew J Richards (Unlicensed)
1 min read

The first step is easy to describe in general but the second step depends on exactly how your SAML implementation works. We provide examples below for the Shibboleth SP but if you run something other than Shibboleth you need to consult your documentation to figure out how the integration works.

The example in “Display of Seamless Access Login Button” works out of the box for Shibboleth assuming you have configured https://service.seamlessaccess.org/ds as the discovery service as in the example above. The Shibboleth simplified SP configuration uses the URL /Shibboleth.sso/Login to trigger an authentication request using the discovery service configured in the <SSO> element.

In general, the idea is to provide two hooks for the button component:

  1. A way to initialize a SAML discovery protocol request in the SAML SP

  2. A way to receive the response from the SAML discovery protocol request

For Shibboleth the loginInitiatorURL serves both purposes but in general, you need to provide two parameters discoveryRequest and discoveryResponse which can be either URLs (in which case a redirect is performed) or JavaScript functions that are called by the component.

The discoveryRequest function is called with a single argument containing a JS object representing the chosen IdP - parameters include entity ID, icon, title, etc. Normally this function will be used to initialize a SAML authentication request to the identity provider identified by entity.entityID.

For Shibboleth this is all handled by providing the single loginInitiatorURL parameter as in the example above.

 

 

<< | >>