Service Provider Login Link Composer

This web page let's you compose login links for your AAI-protected resource that will redirect users directly to a specific Home Organization for authentication. This way users won't be redirected to the WAYF service at all and they also don't have to choose their Home Organization from a drop down list but instead just click on the login links you provide them.
It is assumed that you use a standard Shibboleth Service Provider 1.3.x or 2.x with default session initiators.
An example of a direct login link that would be generated by the below script is:

Example link: Login via SWITCH (SWITCHaai)

Note:
Should the Identity Provider change its entityId, the link will have to reflect this change. Otherwise users will see an error at their Service Provider that the Identity Provider is unknown. Due to the migration to Shibboleth 2, entityIDs are likely to change.

Recommendation:
In case your resource has users from more than 3 different organizations, it may be a better idea to use an own Discovery Service/WAYF or an the embedded WAYF that will display the organizations in a drop down list. This way, you save some space and it may be less confusing for users to choose their organization because cookies will remember their last choice.

Required information

Please be aware that Shibboleth 1.x is not supported anymore and it is strongly recommended to use Shibboleth 2.x.


Examples for valid Service Provider Session Initiator handler URLs are https://myhost.uni.ch/Shibboleth.sso/DS or https://otherhost.uni.ch:8443/myapp/Shibboleth.sso/Login. Or just enter part of the entityID in order to make use of the auto-completion feature that uses data from the SWITCH Resource Registry.


Specify here the URL of the web page that the user shall be redirected after authentication. This usually is a Shibboleth protected page. If you don't have such a page yet, you could use https://your.host.ch/Shibboleth.sso/Session provided you are using a Service Provider 2.x. This page then will display all available attributes and other session information.


This should be the entityID of the Identity Provider the user shall be redirected to for authentication. Examples for valid entityIDs are urn:mace:switch.ch:myuniversity.ch or https://aai.myuniversity.ch/idp/shibboleth



After clicking on the above button and trying out the resulting link, just copy and paste the HTML snippet to any web page.