Possible to include hosted IDPs in the list?

[madsi1m]

Hi, is it possible to also include saml20-idp-hosted IDPs in the disco list?

At the moment it only shows what is in saml20-idp-remote.

Cheers

[thijskh]

Does it actually work if you would select such an IdP?

[madsi1m]

I do not know because the hosted idp is not in the list

[ghalse]

I don't believe this will work the way you're hoping. If you're running an IdP and an SP on the same web server, copy the IdP's generated metadata into saml20-idp-remote.php to configure the SP. Then it'll appear in discovery.

[thijskh]

That makes sense to me. Rather make configuration explicit: list the IdPs you want in saml20-idp-remote rather than 'magically' making login also possible for any local IdPs - not quite sure that this would not lead to various surprises.

[tvdijen]

I think it would be a nice feature.. It's just a matter of writing proper upgrade notes.

[ghalse]

I think it would be a nice feature.. It's just a matter of writing proper upgrade notes.

IMHO, that includes not turning the feature on by default.

But it also occurs to me it is solved simply by documentation.

We do exactly what I suggested earlier, and the metadata in samls20-idp-hosted.php and saml20-idp-remote.php is not identical (particularly around authproc filters and the mdui dressing). So there's also some value in the status quo.

[tvdijen]

authproc-filters are irrelevant for this purpose and mdui settings should be identical? Can you explain what the difference is?
We can literally fix this with a oneliner, so I would be in favour to 'fix' this rather then to document the workaround.