You are here

CLARIN Discovery Service

Is there a central Discovery Service for CLARIN?

Yes, there is. It is based on DiscoJuice, hosted on a CLARIN server in a computing centre and populated with IdP information (metadata) about:

Can I test it?

Yes. Go to https://catalog.clarin.eu/secure/shib_test.pl and you will be redirected to DiscoJuice.

Why do you have a central Discovery Service?

There are multiple reasons for this:

  • It means less hassle and configuration efforts at the side of the Service Providers.
  • We only need to keep one instance updated (security and usability improvements, etc.)
  • If a user is redirected to the same Discovery Service, there is no need to select the IdP again from a list. This improves the Single Sign On experience.

Is use of the central Discovery Service compulsory?

No. You still can host your own one. But given the advantages (see the previous question) we strongly recommend it.

I run a Service Provider. How do I connect it to the central Discovery Service?

In order to use the central Discovery Service, your Shibboleth Service Provider's configuration must have the right session initiator configuration. You can change this in the shibboleth2.xml configuration file. The Location attribute specifies the login endpoint you can use to append to your handler URLs (/Shibboleth.sso by default) to start a SAML session. The URL attribute of the session initiator of type SAMLDS should point to the DiscoJuice installation you want to use.

Please add to shibboleth2.xml:

  <!-- Use CLARIN central Discovery Service -->
  <SSO discoveryProtocol="SAMLDS" discoveryURL="https://discovery.clarin.eu/discojuice">
    SAML2
  </SSO>

(A restart of shibd and a reload of your web server and is required afterwards.)

For more technical information, including configuration tips for other Service Provider implementations, please consult the relevant Trac page.

Does the use of a central discovery service have disadvantages too?

A drawback of the central Discovery Service is the fact that it introduces a single point of failure. To address this, several measures are in place:

  • The service is setup redundantly. If one server is not available or has problems, an automatic failover system ensures another server takes over.
  • The the central Discovery Service gets the highest system administration priority.
  • It runs at a reliable computing centre (MPCDF), which helps us achieve a high availability.

My question isn't answered here!

Please send it to spf /at/ clarin.eu