InCommon Federation

[soichih]

Hello!

I am trying to implement an authentication mechanism for our web application that uses InCommon Federation / IdP discovery (https://www.incommon.org/federation/). This allows user to select their home institution from a list presented by InCommon discovery service (http://www.incommon.org/federation/discovery.html), and forwarded to individual IdP for authentication, and finally get profile back to my web application - instead of manually having to configure IdP individually with my web app.

I am very new to the idea of SAML federation, but it looks like current implementation of passport-saml doesn't support this; it's missing the idpdisc:DiscoveryResponse in the metadata for one thing.

My questions are ..

1. Does passport-saml already allow me to use InCommon federation? If so, is there a sample code?
2. If not, is there any plan of adding support to InCommon federation / IpD discovery service?
3. If there is no plan, I am thinking about adding such support to passport-saml (in a fork). If I do, is there any chance of merging it to upstream?

Thank you!!

[ploer]

Sorry for the slow response here, I've been meaning to do some research on this but haven't gotten to it.

But the short answer is, I don't think we've done any work to support this and there are no plans to do so. I'd be very happy to take a look at a pull request to add this support.