Implementing the integration with the WAYF Cloud

Integration to WAYF Cloud requires the use of two interfaces:

  • The WAYF Cloud REST API, which is used by the service provider platforms to Create, Discover, Share and keep up to date a user's WAYF history with other Service Providers.
  • An interface between the user's web browser and the WAYF Cloud. This interface is implemented by the WAYF Widget and is, in practice, an internal interface between the WAYF Widget and the WAYF Cloud server. All a service provider platform needs to do is incorporate the WAYF Widget URL into certain HTML pages as described here.

The WAYF Widget Interface

The WAYF Widget makes asynchronous requests to the WAYF Cloud server from the user's device at the time a user visits the Service Provider web page for the first time. Its role is to transfer the unique identifier of the device in the domain of the service provider, referred to as the wayf-local ID, to the WAYF Cloud.

This also allows the WAYF Cloud to assign another ID to this device, referred to as the wayf-global ID. The wayf-global ID is stored on the device in the form of a cookie and is carried in all HTTP requests made by this device (i.e. the web browser) to the WAYF Cloud server.

Ultimately, the WAYF Cloud uses the information provided by the WAYF Widget to build relationships between a user's wayf-global ID and the different wayf-local IDs used by the different service providers for this device as illustrated in the following picture.

Illustration of the relationships maintained in the WAYF Cloud from data provided by the WAYF Widget

The WAYF Cloud REST API

The WAYF Cloud REST API is used by the service provider platform for the following purposes:

  • Create a new device at the WAYF Cloud, using the unique ID of this device at the service provider
  • After the user successfully authenticates with an Identity Provider, send the Identity Provider metadata to the WAYF Cloud
  • For users that visit the service provider and are not yet authenticated, get a list of Identity Providers that they have previously used to successfully authenticate to other Service Providers
  • Update the WAYF Cloud when the user asks to not use an Identity Provider again in the future
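
The relationships and the four REST API purposes described above can be pictured with a small in-memory model. This is an added example, not WAYF Cloud code: the class, method and field names, the sample service providers and the IdP entity ID are all hypothetical, and the real REST endpoints are not shown on this page.

```python
# Conceptual model only: class, method and field names are hypothetical and
# are not the WAYF Cloud REST API, whose endpoints this page does not list.
import secrets

class WayfCloudModel:
    def __init__(self):
        self.devices = {}  # (sp, wayf-local ID) -> wayf-global ID (None until the widget calls)
        self.history = {}  # wayf-global ID -> {IdP entity ID: set of SPs it was used at}

    def create_device(self, sp, local_id):
        """REST API: the SP registers a device under its own wayf-local ID."""
        self.devices.setdefault((sp, local_id), None)

    def widget_request(self, sp, local_id, cookie=None):
        """Widget: tie the wayf-local ID to the device's wayf-global ID (the cookie)."""
        if (sp, local_id) not in self.devices:
            raise KeyError("device not created by this service provider")
        # Assumption: a cookie value the model never issued is ignored and replaced.
        gid = cookie if cookie in self.history else secrets.token_hex(16)
        self.history.setdefault(gid, {})
        self.devices[(sp, local_id)] = gid
        return gid

    def add_idp(self, sp, local_id, idp):
        """REST API: record the IdP after a successful authentication."""
        self.history[self.devices[(sp, local_id)]].setdefault(idp, set()).add(sp)

    def discover(self, sp, local_id):
        """REST API: IdPs this device has used at other SPs."""
        # The model returns IdP identifiers only, never another SP's
        # wayf-local ID or the wayf-global ID.
        used = self.history.get(self.devices.get((sp, local_id)), {})
        return sorted(idp for idp, sps in used.items() if sps - {sp})

    def forget_idp(self, sp, local_id, idp):
        """REST API: the user asked not to use this IdP again (assumed: drop it)."""
        self.history.get(self.devices.get((sp, local_id)), {}).pop(idp, None)

def demo():
    """Constructed sample: one browser visits two SPs (all names are made up)."""
    cloud, idp = WayfCloudModel(), "https://idp.example.edu"
    cloud.create_device("sp-a.example", "a-111")
    cookie = cloud.widget_request("sp-a.example", "a-111")
    cloud.add_idp("sp-a.example", "a-111", idp)
    cloud.create_device("sp-b.example", "b-999")
    cloud.widget_request("sp-b.example", "b-999", cookie)  # same browser, same cookie
    own = cloud.discover("sp-a.example", "a-111")          # nothing from *other* SPs
    before = cloud.discover("sp-b.example", "b-999")
    cloud.forget_idp("sp-b.example", "b-999", idp)
    return own, before, cloud.discover("sp-b.example", "b-999")
```

In the model, the two service providers never see each other's wayf-local ID; the only link between them is the wayf-global ID carried in the cookie.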