...
If you do need to treat an IdP specially in one of the following ways, read that section:
Different entityID
The <Application> element contains a <DefaultRelyingParty> element with individual <RelyingParty> configuration inside it. Add a <RelyingParty> element to the <Application> configuration with a new Name matching the entityID of the IdP or a federation. The SP will name itself by a specified entityID when talking to this IdP if you add an entityID attribute to the <RelyingParty> element. This won't work if a WAYF style <SessionInitiator> is used, but it will work with a DS.
...
Add a <RelyingParty> element to the <Application> configuration with a new Name matching the entityID of the IdP or a federation. Make the keyName="specialKey" refer to a <CredentialResolver>. You can also change the default encryption and signing settings, or the use of TLS to authenticate to other providers, but this is rarely required.
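The following is an added example, not configuration or code from the original page or the Shibboleth project: a small check that reads an <Application> block, reports which entityID and keyName the SP would use per <RelyingParty> Name, and flags the WAYF caveat described above. The sample configuration, its URLs, and the type="WAYF" and type="SAMLDS" attribute values are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from the page. The layout and the type="WAYF" and
# type="SAMLDS" values are assumptions modelled on an SP 2.x style configuration.
SAMPLE = """\
<Application id="default" entityID="https://sp.example.org/shibboleth">
  <Sessions>
    <SessionInitiator type="WAYF" Location="/WAYF" URL="https://wayf.example.org/WAYF"/>
    <SessionInitiator type="SAMLDS" Location="/DS" URL="https://ds.example.org/DS"/>
  </Sessions>
  <RelyingParty Name="https://idp.example.edu/idp" entityID="https://sp.example.org/special"/>
  <RelyingParty Name="https://idp.example.net/idp" keyName="specialKey"/>
</Application>
"""

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return ({IdP Name: effective settings}, [warnings]) for one config."""
    root = ET.fromstring(xml_text)
    overrides, warnings = {}, []
    for app in (e for e in root.iter() if local(e.tag) == "Application"):
        default_id = app.get("entityID")
        initiators = {e.get("type") for e in app.iter()
                      if local(e.tag) == "SessionInitiator"}
        for rp in (e for e in app.iter() if local(e.tag) == "RelyingParty"):
            name = rp.get("Name")
            if not name:
                warnings.append("RelyingParty has no Name to match against an entityID")
                continue
            # Without an entityID attribute the Application default applies.
            overrides[name] = {
                "entityID": rp.get("entityID", default_id),
                "keyName": rp.get("keyName"),
            }
            if rp.get("entityID") and "WAYF" in initiators:
                warnings.append(f"{name}: entityID override will not work with "
                                "the WAYF style SessionInitiator; use a DS")
    return overrides, warnings

if __name__ == "__main__":
    table, notes = audit(SAMPLE)
    for idp, cfg in table.items():
        print(idp, "->", cfg)
    for note in notes:
        print("WARNING:", note)
```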
...