Configuring the IdP for Previous Session Authentication
This authentication method comes preconfigured with the IdP and is invoked every time the IdP uses a user's existing IdP session as the proof of authentication.
Removal of the PreviousSession login handler will disable SSO support.
Defining the Login Handler
This login handler is defined with the element <LoginHandler xsi:type="PreviousSession">.
The following optional attributes are supported:
- reportPreviousSessionAuthnMethod - indicates whether the SAML2 PreviousSession authentication method should be reported to the SP; the default is to report one of the methods originally used to authenticate to the IdP that is also supported by the SP.
- servletPath - indicates a Servlet to which the browser should be redirected
- supportsPassiveAuthentication - indicates whether this handler supports passive authentication; this is only meaningful if the servletPath attribute is also used (default value: false)
Additionally, the login handler must contain one or more <AuthenticationMethod> elements whose content is the authentication method(s) serviced by the login handler.
<LoginHandler xsi:type="PreviousSession">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
</LoginHandler>
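The following Python check is an added example, not part of the original documentation or the IdP's own code. It parses a handler configuration and reports the three conditions this page describes: a missing PreviousSession handler, a handler without <AuthenticationMethod> content, and supportsPassiveAuthentication set without servletPath. The wrapper element Handlers, the type ExampleOther and the sample documents are constructed for illustration, and names are matched without regard to namespace or prefix.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

def local(name):
    """Strip a '{namespace}' or 'prefix:' qualifier from a name."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def check_previous_session(xml_text):
    """Return a list of findings for the PreviousSession login handler."""
    root = ET.fromstring(xml_text)
    handlers = [e for e in root.iter()
                if local(e.tag) == "LoginHandler"
                and local(e.get(XSI_TYPE, "")) == "PreviousSession"]
    if not handlers:
        # Per the page: removing this handler disables SSO support.
        return ["no PreviousSession login handler: SSO support is disabled"]
    findings = []
    for h in handlers:
        methods = [(c.text or "").strip() for c in h
                   if local(c.tag) == "AuthenticationMethod"]
        if not any(methods):
            findings.append("handler has no <AuthenticationMethod> content")
        passive = h.get("supportsPassiveAuthentication", "false").strip().lower()
        # Passive support is only meaningful together with servletPath.
        if passive in ("true", "1") and not h.get("servletPath"):
            findings.append("supportsPassiveAuthentication set without servletPath")
    return findings

# Constructed sample documents (the wrapper element is an assumption).
WRAP = '<Handlers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">{}</Handlers>'
METHOD = ("<AuthenticationMethod>"
          "urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession"
          "</AuthenticationMethod>")
GOOD = WRAP.format('<LoginHandler xsi:type="PreviousSession">' + METHOD + "</LoginHandler>")
NO_HANDLER = WRAP.format('<LoginHandler xsi:type="ExampleOther">' + METHOD + "</LoginHandler>")
PASSIVE_ONLY = WRAP.format(
    '<LoginHandler xsi:type="PreviousSession" supportsPassiveAuthentication="true">'
    + METHOD + "</LoginHandler>")
NO_METHOD = WRAP.format('<LoginHandler xsi:type="PreviousSession"/>')

if __name__ == "__main__":
    for name in ("GOOD", "NO_HANDLER", "PASSIVE_ONLY", "NO_METHOD"):
        print(name, check_previous_session(globals()[name]))
```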