Reference IDP Discovery Service

The final reference component in the GFIPM Reference Federation is the IDP Discovery Service (DS). The DS allows a convenient means for a user to specify which IDP he or she would like to use for single sign-on within the federation. The GFIPM Reference Federation currently uses a single DS, which is managed by GTRI. However, there is no inherent limitation on the number of discovery services that a federation can use.

Participants in a GFIPM federation need not implement their own Discovery Service. Instead, your Service Providers can redirect to the central DS when a user tries to access a resource without a SAML assertion. If a participant's Service Provider solution cannot interface with the DS, the SP must provide an equivalent functionality.