Configuring the IdP for Previous Session Authentication
This authentication method comes preconfigured with the IdP and is invoked every time the IdP uses a user's existing IdP session as the proof of authentication.
Removal of the PreviousSession login handler will disable SSO support if you are relying on Shibboleth for session management.
Defining the Login Handler
This login handler is defined with the element
The following optional attributes are supported:
- reportPreviousSessionAuthnMethod - indicates whether the SAML2 PreviousSession authentication method should be reported to the SP; the default is to report one of the methods originally used to authentication to the IdP that is also supported by the SP.
- servletPath - indicates a Servlet to which the browser should be redirect
- supportsPassiveAuthentication - indicates whether this handler supports passive authentication; this is only meaningful if the
servletPath attribute is also used (default value: false)
Additionally the login handler must contain one or more
<AuthenticationMethod> element whose content is the authentication method(s) serviced by the login handler.