Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • authnContextComparison ("exact", "minimum", "maximum", "better") (defaults to "exact") (SAML2 only)
    • Indicates the required relationship between a requested context class and the resulting form of authentication. The Shibboleth 2.x IdP currently supports only "exact".
  • NameIDFormat (URI) (SAML2 only) (Version 2.3 and Above)
    • If set, causes the authentication request to carry a saml:NameIDPolicy with a Format containing the provided value. If the receiving IdP can not fulfill this requirement it should return an error response.
  • SPNameQualifier (URI) (SAML2 only) (Version 2.3 and Above)
    • If set, causes the authentication request to carry a saml:NameIDPolicy with an SPNameQualifier containing the provided value. If the receiving IdP can not fulfill this requirement it will should return an error response.
  • discoveryPolicy (string) (SAMLDS only) (Version 2.5 and Above)
    • Used as input to some discovery protocols that take parameters modifying discovery behavior. In the case of the type="SAMLDS"SessionInitiator, this is passed as a policy parameter value.
  • template (base64-encoded SAML <AuthnRequest> message) (SAML2 only) (Version 2.6 and Above)
    • If supplied, the eventual SAML request is constructed based on the message supplied, apart from per-request information or settings supplied directly in the configuration or as parameters. Allows a message to be constructed externally with extensions or dynamic content, and then re-issued by the SP.

Examples

The redirection examples shown are illustrated by way of the HTTP Location header that would be returned to a client by an application. Refer to your programming environment's documentation for information on how to generate redirects and produce such a header. Note that you should always be sure to URL-encode any parameter values that you append.

...