opds-community / drafts

Contains all the current drafts for the OPDS specifications

Formalize Authentication For OPDS support for SAML authentication flow #34

Open leonardr opened 4 years ago

leonardr commented 4 years ago

In the Library Simplified circulation manager we have started advertising support for a SAML 2.0 authentication flow in our authentication documents.

The URI we're using for this is http://librarysimplified.org/authtype/SAML-2.0. We use a link with rel="authenticate" to kick off the authentication flow. We also provide a number of other attributes associated with this link. These attributes correspond to tags defined by the Metadata Extensions for Login and Discovery User Interface -- basically SAML's version of Authentication For OPDS -- especially the mdui:UIInfo tags.

@vbessonov can go into more detail here about how he translated the SAML specs into A4OPDS terms, and I can help refine that.

vbessonov commented 4 years ago

Please find below a fragment of the authentication document (here is the full version):

```json
{
    "type": "http://librarysimplified.org/authtype/SAML-2.0",
    "description": "SAML 2.0 Web SSO",
    "links": [
        {
            "privacy_statement_urls": [],
            "logo_urls": [],
            "display_names": [
                {
                    "language": "en",
                    "value": "Shibboleth Test IdP"
                }
            ],
            "href": "http://cm.hilbertteam.net/SAML/saml_authenticate?idp_entity_id=http%3A%2F%2Fidp.hilbertteam.net%2Fidp%2Fshibboleth&provider=SAML+2.0+Web+SSO",
            "descriptions": [
                {
                    "language": "en",
                    "value": "Shibboleth Test IdP"
                }
            ],
            "rel": "authenticate",
            "information_urls": []
        },
        {
            "privacy_statement_urls": [],
            "logo_urls": [],
            "display_names": [
                {
                    "language": "en",
                    "value": "Shibboleth Test IdP 2"
                }
            ],
            "href": "http://cm.hilbertteam.net/SAML/saml_authenticate?idp_entity_id=http%3A%2F%2Fidp2.hilbertteam.net%2Fidp%2Fshibboleth&provider=SAML+2.0+Web+SSO",
            "descriptions": [
                {
                    "language": "en",
                    "value": "Shibboleth Test IdP 2"
                }
            ],
            "rel": "authenticate",
            "information_urls": []
        }
    ]
}
```

I extended the document by adding the IdP's mdui:UIInfo metadata. Please note that each of the mdui:UIInfo child elements can occur multiple times and have different languages associated with them, so I map them to JSON arrays. The description of each IdP contains the elements:

I didn't add `<mdui:Keywords>` since I didn't notice them in InCommon metadata, but it makes sense to add it too to have complete support for the Metadata Extensions for Login and Discovery User Interface standard.
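The mapping described in the two comments above (mdui:UIInfo children, one array entry per language, plus an `authenticate` link whose `href` carries the IdP entity ID), as an added example that is not code from the circulation manager or the OPDS drafts. It parses a constructed SAML metadata sample (not real InCommon data) with the standard library; the `build_authentication_type` and `uiinfo_to_links` names, the `sp_authenticate_url` parameter and the `{value, height, width, language}` shape of `logo_urls` entries are assumptions, since the fragment above only shows that array empty. Production code should parse federation metadata with a hardened parser such as `defusedxml`, and the SP endpoint should accept only entity IDs that appear in the metadata it trusts rather than reflecting an arbitrary `idp_entity_id`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
}
# ElementTree exposes xml:lang under the XML namespace URI.
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed sample: one IdP with full UIInfo, one IdP without any
# Extensions, and one SP entity that must be skipped. Not real metadata.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
  <md:EntityDescriptor entityID="http://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:Extensions>
        <mdui:UIInfo>
          <mdui:DisplayName xml:lang="en">Example Test IdP</mdui:DisplayName>
          <mdui:DisplayName xml:lang="fr">IdP de test Example</mdui:DisplayName>
          <mdui:Description xml:lang="en">Identity provider for Example University</mdui:Description>
          <mdui:InformationURL xml:lang="en">https://idp.example.org/info</mdui:InformationURL>
          <mdui:PrivacyStatementURL xml:lang="en">https://idp.example.org/privacy</mdui:PrivacyStatementURL>
          <mdui:Logo height="64" width="64">https://idp.example.org/logo.png</mdui:Logo>
        </mdui:UIInfo>
      </md:Extensions>
    </md:IDPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="http://bare-idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="http://sp.example.org/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# mdui element name -> key in the authentication document link (from the fragment above).
UIINFO_MAP = {
    "DisplayName": "display_names",
    "Description": "descriptions",
    "InformationURL": "information_urls",
    "PrivacyStatementURL": "privacy_statement_urls",
}

AUTH_TYPE = "http://librarysimplified.org/authtype/SAML-2.0"
PROVIDER = "SAML 2.0 Web SSO"


def localized(elements):
    """Map repeated, language-tagged mdui elements to [{language, value}, ...]."""
    return [{"language": e.get(XML_LANG, ""), "value": (e.text or "").strip()} for e in elements]


def uiinfo_to_links(metadata_xml, sp_authenticate_url):
    """Build one rel="authenticate" link per IdP found in the metadata."""
    root = ET.fromstring(metadata_xml)
    links = []
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        idp = entity.find("md:IDPSSODescriptor", NS)
        if idp is None:
            continue  # SPs and other roles do not become authenticate links
        uiinfo = idp.find("md:Extensions/mdui:UIInfo", NS)
        query = urlencode({"idp_entity_id": entity.get("entityID"), "provider": PROVIDER})
        link = {"rel": "authenticate", "href": sp_authenticate_url + "?" + query}
        for tag, key in UIINFO_MAP.items():
            link[key] = localized(uiinfo.findall("mdui:%s" % tag, NS)) if uiinfo is not None else []
        logos = []
        if uiinfo is not None:
            for logo in uiinfo.findall("mdui:Logo", NS):  # height/width are required by the mdui spec
                logos.append({"value": (logo.text or "").strip(), "language": logo.get(XML_LANG, ""),
                              "height": int(logo.get("height")), "width": int(logo.get("width"))})
        link["logo_urls"] = logos  # entry shape is an assumption; the page shows this array empty
        links.append(link)
    return links


def build_authentication_type(metadata_xml, sp_authenticate_url):
    """Assemble the SAML entry of an Authentication for OPDS document."""
    return {"type": AUTH_TYPE, "description": PROVIDER,
            "links": uiinfo_to_links(metadata_xml, sp_authenticate_url)}


if __name__ == "__main__":
    import json
    print(json.dumps(build_authentication_type(SAMPLE_METADATA,
                                               "http://cm.example.org/SAML/saml_authenticate"), indent=4))
```

Because `urlencode` uses `quote_plus`, the entity ID in `href` comes out as `http%3A%2F%2F...` and the provider as `SAML+2.0+Web+SSO`, matching the fragment above. An IdP with no UIInfo still gets a link, with every array empty, so a client can always render at least the entity ID.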