
The precise behavior of the EDS is controlled by various configuration options which are set in the IdPSelectUIParms class defined in the idpselect_config.js file. This is the only file you should need to edit to configure the EDS.

...

See below for more details.

dataSource

default value: /Shibboleth.sso/DiscoFeed
This is the URL of the source of the data feed of IdPs to the DS. This feed must be at the same location as the DS itself and so it is usual for the protocol and host part of the URL (https://example.org) to be dropped.

...

default value: null
If this is supplied, then the entityID supplied via the DS protocol is checked against this string.

noWriteCookie 1.1

default value: false
If this is set to true, then the EDS does not save the selected IdP as a cookie.  If the EDS shares a domain with a Shibboleth SP, then this setting might be combined with enabling the SP's IdP history via the idpHistory attribute on the SP's <Sessions> element.  This has the advantage that only successfully authenticated IdPs are stored, whereas the EDS would otherwise save all selected IdPs.

preferredIdP

default value: null
If this is supplied, then it must be an array of entityIDs of IdPs which are considered preferred by this SP. Preferred IdPs are always displayed regardless of whether the user has previously selected them.

...

default value: null
If this is supplied then it must be an array of entityIDs of IdPs which are not to be displayed by the EDS.

...

redirectAllow 1.3

This setting prevents the use of the EDS as an open redirector by enforcing one or more regular expressions against the requested return parameter. The EDS doesn't have any dynamic awareness of the host(s) it's being deployed for, so it can't automatically guess an appropriate default. Upgraded systems will not have this setting, and continue to operate as before, but new installs get a default value that will cause an error until an appropriate rule is added.

The original name of this filter type prior to V1.3 was "returnWhiteList", support for which will be removed in a future release.
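As an added illustration (not code from the EDS or its documentation), the sketch below shows why a rule for this setting should be anchored and have its dots escaped. The rule lists, the helper names and the host names are assumptions constructed for the example.

```javascript
// Added illustration; not code from the EDS. Rule lists and helper names
// are hypothetical; sp.example.org and the .test hosts are constructed.

// Loose rule: unanchored, and the dots are unescaped (they match any character).
const looseRules = ["https://sp.example.org"];

// Strict rule: anchored at both ends, dots escaped, path pinned to the
// SP handler, optional query string.
const strictRules = [
  "^https://sp\\.example\\.org/Shibboleth\\.sso/Login(\\?.*)?$",
];

// Returns true when the requested return URL matches at least one rule.
function returnAllowed(returnUrl, rules) {
  if (typeof returnUrl !== "string" || returnUrl.length === 0) return false;
  return rules.some((rule) => new RegExp(rule).test(returnUrl));
}

// Constructed sample values for the return parameter.
const samples = [
  "https://sp.example.org/Shibboleth.sso/Login?SAMLDS=1&target=ss%3Amem%3Aabc",
  "https://sp.example.org.lookalike.test/Shibboleth.sso/Login", // host suffix
  "https://other.test/?next=https://sp.example.org",            // substring
  "https://spxexample.org/Shibboleth.sso/Login",                // unescaped dot
];

// Evaluates every sample against a rule list.
function audit(rules) {
  return samples.map((url) => ({ url, allowed: returnAllowed(url, rules) }));
}

// Lists the samples a rule list would let through.
function allowedUrls(rules) {
  return audit(rules).filter((r) => r.allowed).map((r) => r.url);
}

console.log("loose rules allow: ", allowedUrls(looseRules));
console.log("strict rules allow:", allowedUrls(strictRules));
```

Running the same audit over a deployment's real rule list and a handful of look-alike URLs is a quick check before rollout.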

samlIdPCookieTTL

default value: 730
This is the lifetime (in days) of the cookie which is used to store the list of previously visited sites. This cookie is in the standard _saml_idp format as described in the SAML profiles specification.

...