Identity Provider Discovery Information

An important aspect of a SAML federation is how a Service Provider selects the correct Identity Provider as part of user session establishment. This is called Identity Provider Discovery which can be done in a number of ways. A basic way is for a Service Provider to redirect a user to a Discovery Services site. The user then selects, using a user interface, their appropriate Identity Provider.

CAF provides a Discovery Service for the use of federation participants. The Discovery Service includes failover protection implemented using dynamic DNS.