The Directory Server 10.3.1 update lists the following new feature: "Directory Server now includes initial SAML discovery service support." What does this mean exactly?
Question
Directory Server now includes initial SAML discovery service support?
Answer
We added support for the SAML feature "discovery service" that allows administrators to specify a SAML landing page of sorts where users then select their appropriate SAML provider, rather than, say, showing 10 SAML providers on the LFDS SSO page. This discovery service page tends to be highly customizable.
While we still require administrators to register all the SAML providers, we allow administrators to hide the providers on the login page so that the end user only sees the option for the discovery service.
This was per request from larger education customers.
The "initial" is there because at this point, we haven't tested it with many SAML providers --- that said, if the SAML provider itself works with LFDS, it is quite likely that their discovery service would work, since it's a pretty standardized, simple part of the protocol.
If you encounter issues or have requests for additional functionality/options for the discovery service, I'd be happy to hear.
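The point in the answer that every provider must still be registered matters on the service-provider side of the discovery exchange: the identity provider chosen on the discovery page comes back as a browser-supplied query parameter. The following is an added example, not LFDS code and not from the original answer, of that exchange using the `entityID`, `return` and `returnIDParam` parameters of the OASIS Identity Provider Discovery Service Protocol. All URLs, entity IDs and function names are constructed for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# All values below are constructed for illustration; none come from LFDS.
SP_ENTITY_ID = "https://sp.example.edu/saml"
SP_RETURN_URL = "https://sp.example.edu/saml/discovery-return"
DISCOVERY_URL = "https://ds.example.edu/discovery"
# Providers the administrator has registered (entityID -> SSO endpoint).
# The discovery page may list others, but only these are trusted.
REGISTERED_IDPS = {
    "https://idp.campus-a.example.edu/idp": "https://idp.campus-a.example.edu/sso",
    "https://idp.campus-b.example.edu/idp": "https://idp.campus-b.example.edu/sso",
}
RETURN_ID_PARAM = "entityID"  # protocol default name for the chosen IdP


def build_discovery_request():
    """URL the SP redirects the browser to so the user can pick an IdP."""
    query = urlencode({
        "entityID": SP_ENTITY_ID,          # identifies the requesting SP
        "return": SP_RETURN_URL,           # where the discovery service sends the user back
        "returnIDParam": RETURN_ID_PARAM,  # parameter that will carry the choice
    })
    return f"{DISCOVERY_URL}?{query}"


def handle_discovery_response(url):
    """Return the SSO endpoint of the chosen IdP, or None if none was chosen.

    Raises ValueError for anything other than a single registered entityID.
    """
    parts = urlsplit(url)
    expected = urlsplit(SP_RETURN_URL)
    if (parts.scheme, parts.netloc, parts.path) != (
            expected.scheme, expected.netloc, expected.path):
        raise ValueError("response did not arrive at the registered return URL")
    values = parse_qs(parts.query).get(RETURN_ID_PARAM, [])
    if not values:
        return None  # no selection made: fall back to the normal login page
    if len(values) != 1:
        raise ValueError("ambiguous discovery response: repeated entityID")
    idp = values[0]
    if idp not in REGISTERED_IDPS:
        raise ValueError(f"unregistered identity provider: {idp!r}")
    return REGISTERED_IDPS[idp]
```

The lookup against `REGISTERED_IDPS` is what keeps a tampered or stale discovery response from steering the login to a provider the administrator never approved.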