Service Providers - Support & Downloads - Authentication - Security & Identity - For universities

Service Provider Login Link Composer

This web page lets one compose login links for a Shibboleth-protected resource. The link will redirect users directly to a specific Home Organization for authentication. This way users will skip the WAYF/Discovery Service.

Example link: Login via SWITCH (SWITCHaai)

However, in case your resource has users from more than a hand full of different organizations, it is recommended to use a WAYF/Discovery Service or the embedded WAYF.

Required information

Service Provider Session Initiator Handler URL
Session Initiator /Login /DS
Since Shibboleth 2.5 the default Session Initiator is /Login, for older version you might have to use the /DS Session Initiator.
Enter the hostname of your SWITCHaai or AAI Test service and select one of the matching entries from the auto-completion feature.
Examples for valid Service Provider Session Initiator handler URLs are https://myhost.uni.ch/Shibboleth.sso/Login or https://otherhost.uni.ch/Shibboleth.sso/DS.

Service Provider Target URL
Specify here the URL of the web page that the user shall be redirected after authentication. This is usually a Shibboleth protected page. If you don't have such a page yet, use https://your.host.ch/Shibboleth.sso/Session provided you are using a Service Provider 2.x. This page then will display all available attributes and other session information.

Identity Provider entityID
Enter the entityID of the Identity Provider that the user shall use for authentication. Examples for valid entityIDs are https://aai-login.myuniversity.ch/idp/shibboleth or https://aai.otheruniversity.ch/idp/shibboleth

Initiation Type Service Provider-initiated Identity Provider-initiated (Shibboleth IdP 2.3 or newer)
By default, the authentication process is initiated by the Service Provider. Identity Provider-initiated URLs work only with Shibboleth Identity Provider 2.3 or newer. They can be useful in specific use-cases but are generally not recommended to use.

Login link:

Note: If you get a Shibboleth error saying "Shibboleth handler invoked at an unconfigured location", change the SessionInitiator URL from /Shibboleth.sso/Login to /Shibboleth.sso/DS. It may be that in the Shibboleth Service Provider configuration file not all SessionInitiators are active.

After clicking on the above button and trying out the resulting link, just copy and paste the HTML snippet to any web page.