The goal of the "Where Are You From" (WAYF) service is to send a user to the Identity Provider of his Home Organization. The WAYF also is referred to as "Discovery Service", which also is the name of a SAML specification implementing the Discovery Service protocol. In the following WAYF and DS are used synonymously although the DS protocol is slightly different as is shown below.
Basically, all the WAYF/DS has to accomplish, is to present the user a list of Home Organization and redirect the user's web browser to the selected Identity Provider (WAYF) or back to the Service Provider (Discovery Service) as this is shown below.
Beyond that, additional features enhance the user's ease-of use. This includes several methods of remembering or guessing the user's Identity Provider selection and it also includes embedding the WAYF on a foreign site via a simple copy & paste operation.
The implementation developed by SWITCH is a lightweight PHP implementation that supports multiple languages, several ways of pre-selecting an identity provider and support for push-updates (e.g. from the Resource Registry). The features include:
- Lightweight PHP implementation
- Open-Source software
- Multiple languages support
- Category support in drop down list
- Reads SAML2 Metadata
- Automatic redirection to selected Identity Provider in current web browser session
- SAML Domain Cookie compliant
- Various ways of pre selecting an Identity Provider
- Embedded WAYF feature
- Service Provider can enforce redirect to a Identity Provider
Besides the SWITCHwayf PHP implementation of the Discovery Service/WAYF protocol there are other alternatives that could be used instead.
- There is the official Java Discovery Service/WAYF implementation developed by the Shibboleth Consortium. It runs within a Servlet container and uses the official OpenSAML and Shibboleth libraries.
- The Greek national research & and education network GRNET created in 2009 a Python Discovery Service/WAYF implementation based on the Web framework Django.
SWITCH uses the self-developed PHP implementation for its SWITCHaai and AAI Test federations. Since the WAYF service is crucial for the federation, it has to be ensured that the service is operated without any service interruptions. Therefore, the SWITCHaai WAYF is operated in a high-availability setup that uses anycast techniques to achieve redundancy and load balancing. For a short introduction of the setup see:
SWITCHaai WAYF Presentation, AAI Info-Day 2005
While you find a general description abouth the SWITCHwayf on this page, you might be more interested in the source code, bug reports, released version and other technical aspects. You find this all on the SWITCHwayf project page.
The SWITCHwayf code is published under a BSD license and provided "as-is".
Important: The versions prior to 1.12.2 contain an XSS vulnerability, which would allow an attacker to read out the cookies of the domain and subdomain of the WAYF. Please upgrade to 1.12.2 to fix this issue. Go to SWITCHwayf download page in order to download packages for the official released versions as well as to get code access.
Support, Feedback and Bug Reports
Support, feedback, bug reports or feature requests are always welcome. Please check first whether the bug you found is not known already and then add it on the SWITCHwayf bug page.