Versions Compared

Old Version 14

changes.mady.by.user Rod Widdowson

Saved on

compared with

New Version 15

changes.mady.by.user Rod Widdowson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Common Attributes

The following may be specified for all types

...

Name

...

Type

...

Default

...

Description

...

Plugin type name.

...

If true, establishes the default SessionInitiator used implicitly for content protected with the requireSession content setting. If none are labeled, the first is implicitly the default.

...

If set, establishes an assumed IdP to use for authentication, if none is passed explicitly with a query string parameter or overridden via content settings.

...

Controls how information associated with the session request, primarily the original resource accessed, is preserved for the completion of the authentication process. Overrides the like-named attribute in the <Sessions> element.

...

This matches the index of the <md:AssertionConsumerService> element to use for the return message from the IdP.
This setting is optional and best avoided, in favor of letting the software automatically select the first compatible endpoint.

...

Optional, advanced setting for overriding the name of the query string parameter used to override the IdP to use. Normally "entityID" and "providerId" are the parameter names supported. This is provided for supporting unusual application requirements.

...

one of
conditional,
true, false, front, back

...

Allows handlers to disallow the use of externally supplied parameters / input to drive them. The specific settings this influences will vary by handler, and by default the full range of settings supported can be supplied from outside the SP, typically using query string parameters or form submission. For particularly sensitive or important options, this setting can be used to block that support. This primarily applies to the "SAML2" handler but may be honored by any handler as it deems appropriate.

Include Page
SessionInitiatorCommonAttributes
SessionInitiatorCommonAttributes

Initiator Protocol

The Shibboleth SP does not have an application API per se, but the SessionInitiator mechanism supports a simple redirect protocol capable of triggering, and influencing, the creation of authentication requests.

...

Not all SessionInitiator handlers support all the possible parameters. Query String Parameters which are specific to a protocol are listed under the Session Initiator.

...

Parameter Name

...

Parameter Value Type

...

Description

...

The IdP to request authentication from.

...

The URL to return the user to after authenticating. If unspecified, the homeURL attribute for the application is used.

...

Include Page
SessionInitiationCommonQueryParameters
SessionInitiationCommonQueryParameters

Examples

The redirection examples shown are illustrated by way of the HTTP Location header that would be returned to a client by an application. Refer to your programming environment's documentation for information on how to generate redirects and produce such a header. Note that you should always be sure to URL-encode any parameter values that you append.

...