1.3.0 (February 27, 2024)

This is a new minor version that adds additional cookie control features and some bug fixes.

1.2.2 (April 24, 2019)

This is a service release to provide proper configuration support for Apache 2.4.

1.2.1 (January 28, 2019)

This is a bug fix that prevents new installations of the EDS from acting as an open redirector. Existing systems will continue to function as one until locked down, but the presence of the new setting will prevent this behavior.

Existing deployments should add the "this.returnWhiteList" parameter to their copy of idpselect_config.js to lock down the redirection to the right set of hosts. As an example, the instance on is set to:

this.returnWhiteList = [ "^https:\/\/(wiki|issues)\.shibboleth\.net\/.*$" ];

1.1.0 (June 19, 2015)

This is a bugfix and new feature refresh of the Embedded Discovery Service.

For a complete list of issues addressed in this release, see

Of particular interest is:

  • The ordering of history in the _saml_idp cookie has been fixed to align with the spec.  This means that the first time that the EDS is run after an upgrade the preferred IdP list will appear backwards.  Some extra configuration has been added to allow better interoperation with the Shibboleth SP's use of the _saml_idp cookie.

  • The EDS now incorporates AIRA mark up which makes it usable by screen readers EDS-26 (work in progress)

  • The language bundles now include Japanese, Brazillian Portugese as well as German and English.  The bundles are now shipped separately from the main configuration which means that no work is needed at upgrade time to take advantage of these languages.

  • Several new configuration options are included.  See the documentation for details.