Service Provider Login Link Composer

Completing the form below one can compose login links for a SAML service that redirects users directly to a specific organisation and thus skipping the WAYF/Discovery Service.

Example link: Login via SWITCH (SWITCHaai)

If your service is accessed by users from more than a hand full of different organisations, it is recommended to use a WAYF/Discovery Service or the embedded WAYF.

Looking for initiating a specific registration or login flow for a SWITCH edu-ID enabled SP? For that, use the dedicated SWITCH edu-ID Link Composer.

Required information


/Login /DS
Since Shibboleth 2.5 the default Session Initiator is /Login, for older version you might have to use the /DS Session Initiator.
Enter the hostname of your SWITCHaai or AAI Test service and select one of the matching entries from the auto-completion feature.
Examples for valid Service Provider Session Initiator handler URLs are https://myhost.example.com/Shibboleth.sso/Login or https://otherhost.example.com/Shibboleth.sso/DS.


Specify here the URL of the web page that the user shall be redirected after authentication. This is usually a Shibboleth protected page. If you don't have such a page yet, use https://your.example.com/Shibboleth.sso/Session provided you are using a Service Provider 2.x. This page then will display all available attributes and other session information.


Enter the entityID of the Identity Provider that the user shall use for authentication. Examples for valid entityIDs are
https://aai-login.example.org/idp/shibboleth or https://aai.example.org/idp/shibboleth

Service Provider-initiated Identity Provider-initiated (Shibboleth IdP 2.3 or newer)
By default, the authentication process is initiated by the Service Provider. Identity Provider-initiated URLs work only with Shibboleth Identity Provider 2.3 or newer. They can be useful in specific use-cases but are generally not recommended to use.





Note: If you get a Shibboleth error saying "Shibboleth handler invoked at an unconfigured location", change the SessionInitiator URL from /Shibboleth.sso/Login to /Shibboleth.sso/DS. It may be that in the Shibboleth Service Provider configuration file not all SessionInitiators are active.

After clicking on the above button and trying out the resulting link, just copy and paste the HTML snippet to any web page.