type="Form", this initiator displays an HTML template containing a form to prompt the user for the
entityID to use. As a discovery handler, no entityID can be known (or the handler will silently ignore the request, since discovery would serve no purpose).
This is a simple substitute for referring the user to another site, which is generally incapable of addressing scenarios involving multiple sets of unrelated IdPs. This handler can be combined with the
Transform SessionInitiator to enable the user's input to be turned from something simpler into an
Plugin type name.
|relative path||The location of the |
|string||optional|| Identifies a |
If true, establishes the default
Controls how information associated with the session request, primarily the original resource accessed, is preserved for the completion of the authentication process. Overrides the like-named attribute in the
This matches the
Optional, advanced setting for overriding the name of the query string parameter used to override the IdP to use. Normally
|URL||Allows the resources to return to after SSO to be "locked" to a specific value, even when running as a result of active protection of other resources. In other words, this value overrides the actual resource location when SSO redirection is automatic, including initial access and after a timeout.|
|See Signing&Encryption. Controls outbound signing of XML messages and content subject to applicability to the protocol involved.|
|See Signing&Encryption. Controls outbound encryption of XML messages and content subject to applicability to the protocol involved.|
Allows handlers to disallow the use of externally supplied parameters / input to drive them. The specific settings this influences will vary by handler, and by default the full range of settings supported can be supplied from outside the SP, typically using query string parameters or form submission. For particularly sensitive or important options, this setting can be used to block that support. This primarily applies to the
Path to the HTML template to display.
Query String Parameters
The following can be provided via the Initiator Protocol
The protocol independent parameters are
Parameter Value Type
The IdP to request authentication from.
The URL to return the user to after authenticating. If unspecified, the
|whitespace-delimited URIs||Requests that particular authentication context classes be used by the IdP.|
There are no protocol specific parameters