Page tree

The Shibboleth 2.x software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP30 and SP3 wiki spaces for current documentation on the supported versions.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

Session Initiator Parameters

There is a small set of parameters that can be used when triggering an authentication request. These can be placed in the request map, web server directives, or the <SessionInitiator> itself. Session initiators for a protocol that don't support a requested parameter will ignore it.




An authentication request will be created for this specific IdP.


The URL to return the user to after authenticating. If unspecified, and no page was referenced in automatic session initiation, then homeURL for the application is used.


The index value of the <AssertionConsumerService> to request the assertion resulting from the authentication be returned to.


Require that the user be authenticated by the IdP, even if they have already done so. (SAML2 or DS only)


Prevent the IdP or discovery service from interacting with the user. (SAML2 or DS only)


Request a particular authentication context be used using a URI, generally selected from the SAML 2.0 standard. (SAML2 only)


Allows the SP to request an authentication that is an exact authnContext match, meets the context at a minimum, meets the context at a maximum, or is better than the specific class requested. The Shibboleth 2.0 IdP only supports exact comparison matches.

  • No labels