SAMLDS SessionInitiator

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the <SSO> shorthand element.

Indicated by type="SAMLDS", refers the browser to a discovery service (DS) supporting the proposed SAML 2.0 IdP Discovery Protocol. As a discovery handler, no entityID can be known (or the handler will silently ignore the request, since discovery would serve no purpose).

The design of this protocol results in a redirect back to the SP with a single entityID selected, if one is chosen by the user. The handler implementation causes this redirect to be returned to itself in a manner that allows the handler to be configured in a "chain" with one or more protocol handlers. Used alone, the SAMLDS handler will simply display an error when the result is returned because it cannot itself cause an authentication request to be generated.

Attributes

In addition to the Common Attributes the following can be specified:

Name

Type

Default

Description

Name

Type

Default

Description

URL  

absolute URL

 

The URL of a compliant discovery service.

isPassive 

boolean

false

If true, causes the <samlp:AuthnRequest>'s IsPassive attribute to be "true".
Can be overridden by content setting or query string parameter.

discoveryPolicy 

string



If set, causes the request to the DS to carry a policy parameter with the specified value.
Can be overridden by content setting or query string parameter.

Query String Parameters 

In addition to the Common Query String Parameters the following can be provided via the Initiator Protocol

Parameter Name

Parameter Value Type

Description

Parameter Name

Parameter Value Type

Description

isPassive 

boolean

Establish a value for the IsPassive attribute of the <samlp:AuthnRequest> or the IsPassive parameter of the DS redirect

discoveryPolicy 

String

Used as input to some discovery protocols that take parameters modifying discovery behavior. 
In the case of the type="SAMLDS"SessionInitiator, this is passed as a policy parameter value.