When an RP offers a wide variety of login options, and Feide is one of them, a two-step Identity Discovery UX follows naturally from the technical architecture. Multi-step discovery is not optimal, and I’ve done some research into ways to avoid it, and implemented a proof of concept within the DiscoJuice discovery service.
Today, I took the discovery UX showcase live on Foodle. When you now want to log in to Foodle, you may select between Norwegian institutions (that have subscribed to Foodle) along with institutions from other European countries.
For those of you who are not familiar with the Norwegian architecture: an important element here is that Feide operates a single IdP for all Norwegian institutions, and there is a custom UI at the IdP for selecting which institution to log in with.
Foodle may now both read and write preferred organisations on Feide. An inconsistency worth mentioning here is that if you have already successfully logged in with Feide using a specific organisation, that preference is stored with a higher priority than what Foodle is allowed to write, meaning that Foodle will not allow you to override that ‘preference’. If you want to test this nonetheless, you may delete all your cookies at idp.feide.no to see how it works for other users.
Want to learn more about DiscoJuice? – Join my session at TNC2011, on May 17th.