...
authnContextComparison("exact", "minimum", "maximum", "better") (defaults to "exact") (SAML2only)- Indicates the required relationship between a requested context class and the resulting form of authentication. The Shibboleth 2.x IdP currently supports only "exact".
NameIDFormat(URI) (SAML2only) (Version 2.3 and Above)- If set, causes the authentication request to carry a
saml:NameIDPolicywith aFormatcontaining the provided value. If the receiving IdP can not fulfill this requirement it should return an error response.
- If set, causes the authentication request to carry a
SPNameQualifier(URI) (SAML2only) (Version 2.3 and Above)- If set, causes the authentication request to carry a
saml:NameIDPolicywith anSPNameQualifiercontaining the provided value. If the receiving IdP can not fulfill this requirement it will should return an error response.
- If set, causes the authentication request to carry a
discoveryPolicy(string) (SAMLDSonly) (Version 2.5 and Above)- Used as input to some discovery protocols that take parameters modifying discovery behavior. In the case of the
type="SAMLDS"SessionInitiator, this is passed as apolicyparameter value.
- Used as input to some discovery protocols that take parameters modifying discovery behavior. In the case of the
template(base64-encoded SAML<AuthnRequest>message) (SAML2only) (Version 2.6 and Above)- If supplied, the eventual SAML request is constructed based on the message supplied, apart from per-request information or settings supplied directly in the configuration or as parameters. Allows a message to be constructed externally with extensions or dynamic content, and then re-issued by the SP.
Examples
The redirection examples shown are illustrated by way of the HTTP Location header that would be returned to a client by an application. Refer to your programming environment's documentation for information on how to generate redirects and produce such a header. Note that you should always be sure to URL-encode any parameter values that you append.
...