Versions Compared

...

In turn, these endpoint locations are usually supplied to partner sites in Metadata. When they don't match the metadata, various errors will result.

...

  • checkAddress(boolean) (default is truefalse)
    • The IdP will place the IP address of the user agent it authenticated into the assertions it issues. When true, the SP will check this address against the address of the client presenting an assertion before creating a session. While useful for security, NAT and proxy usage (as well as IPv6 support on only one of the web servers hosting the IdP or the SP) often make this setting a source of errors.
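
The comparison described above and the two failure modes it mentions, as an added illustration (this is not the SP's own code). It assumes the IdP records the address in the `Address` attribute of `SubjectConfirmationData`; the function names and the sample assertion are constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, trimmed to the elements used here).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Address="192.0.2.10"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>
"""

def asserted_addresses(assertion_xml):
    """Return the addresses the IdP recorded in SubjectConfirmationData."""
    root = ET.fromstring(assertion_xml)
    nodes = root.findall(".//saml:SubjectConfirmationData[@Address]", NS)
    return [ipaddress.ip_address(n.get("Address")) for n in nodes]

def normalize(addr):
    """Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so dual-stack listeners compare equal."""
    ip = ipaddress.ip_address(addr) if isinstance(addr, str) else addr
    mapped = getattr(ip, "ipv4_mapped", None)
    return mapped or ip

def check_address(assertion_xml, client_addr, enabled=True):
    """Hypothetical helper: return (accepted, reason) for the address comparison."""
    if not enabled:
        return True, "check disabled"
    asserted = [normalize(a) for a in asserted_addresses(assertion_xml)]
    if not asserted:
        # Assumption of this sketch: an assertion without an address is not rejected.
        return True, "no address in assertion"
    client = normalize(client_addr)
    if client in asserted:
        return True, "match"
    if all(a.version != client.version for a in asserted):
        # User reached the IdP over one address family and the SP over the other.
        return False, "address family mismatch (IPv4 vs IPv6)"
    return False, "address mismatch (NAT or proxy in path?)"
```

Logging the reason string alongside the rejected session makes it possible to tell a dual-stack deployment problem apart from a NAT or proxy path before deciding whether to turn the check off.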

...

Prior to Version 2.4, the child elements defined for this element were the various kinds of handlers supported by the SP. A number of different pre-defined elements are used for handlers with particular significance, often lifted directly from the SAML Metadata schema. A generic element is also used for extension handlers with a more varied nature.

...

  • <SessionInitiator>
    • Initiates sessions by creating a request for authentication specific to a particular SSO protocol, or invoking some kind of IdP discovery mechanism. Generally superseded in 2.4+ by the <SSO> service element.

...