CLARIN Discovery Service

Is there a central Discovery Service for CLARIN?

Yes, there is. It is an own implementation that has been inspired by DiscoJuice (which is no longer supported) and it is hosted on a CLARIN server in a computing centre and populated with IdP information (metadata) about:

Can I test it?

Yes. Go to CLARIN SPF Interoperability Test Page and you will be redirected to DiscoJuice.

Why do you have a central Discovery Service?

There are multiple reasons for this:

  • It means less hassle and configuration efforts on the side of the Service Providers.
  • We only need to keep one instance updated (security and usability improvements, etc.)
  • If a user is redirected to the same Discovery Service, there is no need to select the IdP again from a list. This improves the single sign-on experience.

Is use of the central Discovery Service compulsory?

No. You still can host your own one. But given the advantages (see previous question) we strongly recommend it.

I run a Service Provider. How do I connect it to the central Discovery Service?

In order to use the central Discovery Service, your Shibboleth Service Provider’s configuration must have the right session initiator configuration. You can change this in the shibboleth2.xml configuration file. The Location attribute specifies the login endpoint you can use to append to your handler URLs (/Shibboleth.sso by default) to start a SAML session. The URL attribute of the session initiator of type SAMLDS should point to the Discovery Service installation you want to use.

Please add to shibboleth2.xml:

  • For a discovery service containing all Identity Providers from the CLARIN Service Provider Federation (default):

<!-- Use CLARIN central Discovery Service -->
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu">SAML2</SSO>

  • For a discovery service containing all Identity Providers from the CLARIN Service Provider Federation and eduGAIN:

<!-- Use CLARIN central Discovery Service -->
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu/feed/edugain">SAML2</SSO>

(A restart of shibd and a reload of your web server and is required afterwards.)

Does the use of a central discovery service have disadvantages too?

A drawback of the central Discovery Service is the fact that it introduces a single point of failure. To address this, several measures are in place:

  • The service is setup redundantly. If one server is not available or has problems, an automatic failover system ensures another server takes over.
  • The the central Discovery Service gets the highest system administration priority.

Is the source code available?

Yes, under the GPL v3 license. See the repositories for the backend and the frontend.

My question isn’t answered here!

Please send it to spf@clarin.eu