SAMLDS SessionInitiator
- Rod Widdowson
Advanced Configuration
Note, this is an advanced configuration feature. Most deployments can rely on the <SSO> shorthand element.
Indicated by type="SAMLDS", refers the browser to a discovery service (DS) supporting the proposed SAML 2.0 IdP Discovery Protocol. As a discovery handler, no entityID can be known (or the handler will silently ignore the request, since discovery would serve no purpose).
The design of this protocol results in a redirect back to the SP with a single entityID selected, if one is chosen by the user. The handler implementation causes this redirect to be returned to itself in a manner that allows the handler to be configured in a "chain" with one or more protocol handlers. Used alone, the SAMLDS handler will simply display an error when the result is returned because it cannot itself cause an authentication request to be generated.
Attributes
In addition to the Common Attributes the following can be specified:
Name | Type | Default | Description |
|---|---|---|---|
URL  | absolute URL |  | The URL of a compliant discovery service. |
isPassive | boolean | false | If true, causes the <samlp:AuthnRequest>'s IsPassive attribute to be "true". |
discoveryPolicy | string | If set, causes the request to the DS to carry a policy parameter with the specified value. |
Query String ParametersÂ
In addition to the Common Query String Parameters the following can be provided via the Initiator Protocol
Parameter Name | Parameter Value Type | Description |
|---|---|---|
isPassive | boolean | Establish a value for the IsPassive attribute of the <samlp:AuthnRequest> or the IsPassive parameter of the DS redirect |
discoveryPolicy | String | Used as input to some discovery protocols that take parameters modifying discovery behavior. |