Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Session Initiator Parameters

There is a small set of parameters that can be used when triggering an authentication request. These can be placed in the request map, web server directives, or the <SessionInitiator> itself. Session initiators for a protocol that don't support a requested parameter will ignore it.

Parameter

Effect

entityID

An authentication request will be created for this specific IdP.

target

The URL to return the user to after authenticating. If unspecified, and no page was referenced in automatic session initiation, then homeURL for the application is used.

acsIndex

The index value of the <AssertionConsumerService> to request the assertion resulting from the authentication be returned to.

forceAuthn

Require that the user be authenticated by the IdP, even if they have already done so. (SAML2 or DS only)

isPassive

Prevent the IdP or discovery service from interacting with the user. (SAML2 or DS only)

authnContextClassRef

Request a particular authentication context be used using a URI, generally selected from the SAML 2.0 standard. (SAML2 only)

authnContextComparison

  • No labels