The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.

IdPAuthPreviousSession

Owned by Former user (Deleted)
Last updated: Mar 10, 2014 by ndk@internet2.eduVersion comment
1 min read

Configuring the IdP for Previous Session Authentication

This authentication method comes preconfigured with the IdP and is invoked every time the IdP uses a user's existing IdP session as the proof of authentication.

Removal of the PreviousSession login handler will disable SSO support if you are relying on Shibboleth for session management.

Defining the Login Handler

This login handler is defined with the element <LoginHandler xsi:type="PreviousSession">.

The following optional attributes are supported:

  • reportPreviousSessionAuthnMethod - indicates whether the SAML2 PreviousSession authentication method should be reported to the SP; the default is to report one of the methods originally used to authentication to the IdP that is also supported by the SP.
  • servletPath - indicates a Servlet to which the browser should be redirect
  • supportsPassiveAuthentication - indicates whether this handler supports passive authentication; this is only meaningful if the servletPath attribute is also used (default value: false)

Additionally the login handler must contain one or more <AuthenticationMethod> element whose content is the authentication method(s) serviced by the login handler.

Example PreviousSession Authentication Handler Configuration
<LoginHandler xsi:type="PreviousSession">
    <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
</LoginHandler>