Selecting the user organization

If the service knows what organization the user is going to use on the login page, it is possible to prepopulate the organization choice on the login page. To do this, the user needs to be redirected via a special URL on the login page. This URL will save the organization choice in a cookie.

Implementation

To select the organization for the user, the user must be redirected via the following URL: https://idp.feide.no/simplesaml/module.php/feide/preselectOrg.php

This URL requires two query parameters:

  • HomeOrg: Realm to the user’s organization. E.g. uninett.no for UNINETT, feide.osloskolen.no for Oslo kommune, skjaakskulane.no for Skjåk kommune.
  • ReturnTo: URL the user should be returned to after the organization choice is stored. This is normally a URL at the service that triggers login. Remember to URL-escape this parameter.

Realm

We don’t have a simple overview of the realm for the various organizations connected to Feide. The simplest way to determine the realm for an organization is to access the Feide login page, choose that organization, and look at what realm is set in the org-parameter in the URL. The login page can be accessed at https://innsyn.feide.no/.

When you get the login page, change it to the target organization and click the “Continue”-button. At that point, the URL to the login page should contain the realm of the target organization in the org-parameter.

Example

https://idp.feide.no/simplesaml/module.php/feide/preselectOrg.php?HomeOrg=uninett.no&ReturnTo=https%3A//sp.example.org/login%3Fmethod%3Dfeide

This URL will select Uninett as the organization. Afterwards, the user will be sent to: https://sp.example.org/login?method=feide

The latter URL should send a login request to Feide.

Notes

  • The organization set with this method will override any organization choice made by the user. It is therefore important that the service is certain that the organization it selects is the correct organization.
  • Even when the organization selects the organization using this method, the user is still able to override it. The user can change the organization on the login page using the “Not your affiliation?”-link. The service must therefore be prepared for the possibility that the user will return from the login request with a user from another organization.