DiscoJuice and the Identity Discovery Problem

I wrote this article for the:

From the early days of identity federations, end users have had to be asked: where do you want to log in, or Where Are You From (WAYF)? As the federations grew, the WAYF provider drop-down lists exploded.

Federations, such as the UK Access Federation, will continue to grow, and the user experience will get even worse with the current model of selecting a provider by browsing through a drop-down list. These days federations are also interconnecting with each other, through eduGAIN, Kalmar2, OIX or similar, making the user experience even worse: not only does the list get longer, but some of these interconnections make use of bridges, which often leads to nested discovery services, all with a different look and feel.

Multi-step discovery services are also common in the UK, for a number of reasons.

The discovery process of federated authentication cannot be bypassed; the user has to perform the selection every time they go to a federated service.

Let me introduce DiscoJuice. DiscoJuice is a very flexible IdP Discovery Service that focuses on improving usability and aims to scale to very large lists of providers.

DiscoJuice allows providers to have a single login button, and to offer all kinds of options to the user within the DiscoJuice interface.

DiscoJuice uses logos for easier recognition of the provider, never the logo alone but always together with the name of the institution.

DiscoJuice detects which country you are in, estimates your location, and sorts providers according to distance, starting with the nearby ones. DiscoJuice may also use the HTML5 Geolocation API to improve the accuracy of your location using other techniques.

By showing nearby providers first, users may often find the right entry immediately and click to log in.

In cases where the user’s preferred provider is not listed at the top, the user may use the incremental search.

DiscoJuice searches not only the name of the institution, but also the description and keywords.

In the UK, several schools or institutions are hidden behind a common login provider (where the institution has no association with the school names). One example that I found was the SWGfL Merlin provider. DiscoJuice allows you to associate a set of school names with the same login provider, so that it appears when the user performs a relevant search.

When the user has chosen a provider for the first time, DiscoJuice remembers the preference and always shows the preferred provider at the top of the list – even when you’re on vacation.
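The ordering and search behaviour described above (nearby providers first, the remembered provider on top, search across name, description and keywords), as an added JavaScript example. It is not DiscoJuice's own code; the provider records, their field names and the `rankProviders` function are assumptions made for illustration.

```javascript
// Constructed sample feed: entity IDs, names, keywords and coordinates are made up.
const providers = [
  { entityID: "https://idp.uni-a.example", title: "University A (Oslo)",
    descr: "Research university", keywords: [], geo: { lat: 59.91, lon: 10.75 } },
  { entityID: "https://idp.college-b.example", title: "College B (London)",
    descr: "City college", keywords: [], geo: { lat: 51.51, lon: -0.13 } },
  { entityID: "https://idp.schools-c.example", title: "Regional Schools Login",
    descr: "Shared login for many schools",
    keywords: ["Hilltop Primary School", "Riverside Academy"],
    geo: { lat: 50.72, lon: -3.53 } },
];

// Great-circle (haversine) distance in kilometres between two {lat, lon} points.
function distanceKm(a, b) {
  const rad = (deg) => (deg * Math.PI) / 180;
  const h = Math.sin(rad(b.lat - a.lat) / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(rad(b.lon - a.lon) / 2) ** 2;
  return 2 * 6371 * Math.asin(Math.sqrt(h));
}

// True when every search term occurs in the title, description or a keyword.
function matches(provider, query) {
  const text = [provider.title, provider.descr, ...provider.keywords].join(" ").toLowerCase();
  return query.toLowerCase().split(/\s+/).filter(Boolean).every((t) => text.includes(t));
}

// Filter by query, then order: remembered provider first, then nearest first.
// Providers without a usable distance sort last. Returns entity IDs.
function rankProviders(list, { query = "", location = null, preferred = null } = {}) {
  return list
    .filter((p) => matches(p, query))
    .map((p) => ({ p, km: location && p.geo ? distanceKm(location, p.geo) : Infinity }))
    .sort((x, y) => {
      const pref = (x.p.entityID === preferred ? 0 : 1) - (y.p.entityID === preferred ? 0 : 1);
      if (pref !== 0) return pref;
      return x.km === y.km ? 0 : x.km - y.km;
    })
    .map((x) => x.p.entityID);
}

// A user located in London who previously chose University A.
const london = { lat: 51.5, lon: -0.12 };
console.log(rankProviders(providers, { location: london, preferred: "https://idp.uni-a.example" }));
console.log(rankProviders(providers, { query: "riverside", location: london }));
```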

DiscoJuice runs in a hosted environment at discojuice.org. Installing DiscoJuice is (almost) as simple as including a snippet like this in your HTML header section:

<!-- DiscoJuice hosted by UNINETT at discojuice.org -->
<script type="text/javascript" src="https://engine.discojuice.org/discojuice-stable.min.js"></script>
<link rel="stylesheet" type="text/css" href="https://static.discojuice.org/css/discojuice.css" />
<script type="text/javascript">
    DiscoJuice.Hosted.setup(
        "a.signon",
        "Example Showcase service",
        "https://service.org/saml2/entityid",
        "http://service.org/response.html",
        ["edugain", "kalmar", "feide"],
        "http://service.org/login?idp="
    );
</script>

Head over to the documentation for more details.
