...
authnContextComparison ("exact", "minimum", "maximum", "better") (defaults to "exact") (SAML2 only)
- Indicates the required relationship between a requested context class and the resulting form of authentication. The Shibboleth 2.x IdP currently supports only "exact".
NameIDFormat (URI) (SAML2 only) (Version 2.3 and Above)
- If set, causes the authentication request to carry a saml:NameIDPolicy with a Format containing the provided value. If the receiving IdP cannot fulfill this requirement it should return an error response.
SPNameQualifier (URI) (SAML2 only) (Version 2.3 and Above)
- If set, causes the authentication request to carry a saml:NameIDPolicy with an SPNameQualifier containing the provided value. If the receiving IdP cannot fulfill this requirement it should return an error response.
discoveryPolicy (string) (SAMLDS only) (Version 2.5 and Above)
- Used as input to some discovery protocols that take parameters modifying discovery behavior. In the case of the type="SAMLDS" SessionInitiator, this is passed as a policy parameter value.
template (base64-encoded SAML <AuthnRequest> message) (SAML2 only) (Version 2.6 and Above)
- If supplied, the eventual SAML request is constructed based on the message supplied, apart from per-request information or settings supplied directly in the configuration or as parameters. Allows a message to be constructed externally with extensions or dynamic content, and then re-issued by the SP.
Examples
The redirection examples shown are illustrated by way of the HTTP Location header that would be returned to a client by an application. Refer to your programming environment's documentation for information on how to generate redirects and produce such a header. Note that you should always be sure to URL-encode any parameter values that you append.
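The URL-encoding point above matters most for the settings on this page whose values are URIs or base64 text. The following is an added example, not taken from the original page or the Shibboleth project: it builds the Location value with and without encoding and shows what a standard query-string parser recovers in each case. The handler path `/Shibboleth.sso/Login`, the host `sp.example.org`, the helper names and all sample values are assumptions made for illustration.

```python
import base64
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumption: SessionInitiator at the usual default path on a placeholder host.
HANDLER = "https://sp.example.org/Shibboleth.sso/Login"

# Constructed sample message for the "template" setting.
TEMPLATE_XML = (
    b'<samlp:AuthnRequest '
    b'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ForceAuthn="true"/>'
)


def encode_template(xml: bytes) -> str:
    """Base64-encode an <AuthnRequest> for the template setting."""
    return base64.b64encode(xml).decode("ascii")


def build_location(settings: dict) -> str:
    """Location value with every parameter name and value URL-encoded."""
    return HANDLER + "?" + urlencode(settings)


def naive_location(settings: dict) -> str:
    """The mistake to avoid: raw values concatenated into the query."""
    return HANDLER + "?" + "&".join(f"{k}={v}" for k, v in settings.items())


def received(location: str) -> dict:
    """Decode the query string as a standard query-string parser does."""
    query = urlsplit(location).query
    return {k: v[0] for k, v in parse_qs(query).items()}


if __name__ == "__main__":
    # Constructed values; combined here only to exercise the encoding.
    settings = {
        "NameIDFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        "authnContextComparison": "exact",
        "discoveryPolicy": "urn:example:policy?a=1&b=2",
        "template": encode_template(TEMPLATE_XML),
    }
    print("Location:", build_location(settings))
    # Encoded values arrive intact; raw ones are split at "&" and lose "+".
    print("encoded round-trips:", received(build_location(settings)) == settings)
    print("naive round-trips:  ", received(naive_location(settings)) == settings)
```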
...