OpenAM – idpSSOInit.jsp Parameters

idpSSOInit.jsp is used to initiate SSO from the identity provider side, so call it on the identity provider, not the service provider. It is also mapped to the endpoint idpssoinit under the context root.

Examples: http://www.idp.example:8080/openam/saml2/jsp/idpSSOInit.jsp, http://www.idp.example:8080/openam/idpssoinit

Allowed parameters for idpSSOInit.jsp are:

metaAlias
(Required) Use this parameter to specify the local alias for the provider, such as metaAlias=/myRealm/idp. This parameter takes the format /realm-name/provider-name as described in MetaAlias. You do not repeat the slash for the top level realm, for example metaAlias=/idp.

spEntityID
(Required) Use this parameter to indicate the remote service provider. Make sure you URL encode the value. For example, specify spEntityID=http://www.sp.example:8080/openam as spEntityID=http%3A%2F%2Fwww.sp.example%3A8080%2Fopenam.

affiliationID
(Optional) Use this parameter to specify a SAML affiliation identifier.

binding
(Optional) Use this parameter to indicate what binding to use for the operation. For example, specify binding=HTTP-POST to use HTTP POST binding with a self-submitting form. In addition to binding=HTTP-POST, you can also use binding=HTTP-Artifact.

NameIDFormat
(Optional) Use this parameter to specify a SAML Name Identifier format identifier such as urn:oasis:names:tc:SAML:2.0:nameid-format:persistent, or urn:oasis:names:tc:SAML:2.0:nameid-format:transient.

RelayState
(Optional) Use this parameter to specify where to redirect the user when the process is complete. Make sure you URL encode the value. For example, RelayState=http%3A%2F%2Fopenam.forgerock.org takes the user to http://openam.forgerock.org.

RelayStateAlias
(Optional) Use this parameter to specify the parameter to use as the RelayState. For example, if your query string has target=http%3A%2F%2Fopenam.forgerock.org&RelayStateAlias=target, this is like setting RelayState=http%3A%2F%2Fopenam.forgerock.org.
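
The parameters above, assembled into an IdP-initiated SSO link. This is an added example, not code from the original post or from OpenAM: it URL-encodes each value as the list requires, checks the metaAlias shape and the binding value, and refuses a RelayState whose host is not expected, since RelayState decides where the user lands. The function name and the RELAY_STATE_HOSTS allowlist are assumptions made for the illustration.

```python
from urllib.parse import urlencode, urlsplit

# The two binding values named in the parameter list above.
ALLOWED_BINDINGS = {"HTTP-POST", "HTTP-Artifact"}
# Assumption: hosts this deployment accepts as RelayState targets (constructed).
RELAY_STATE_HOSTS = {"openam.forgerock.org"}


def build_idp_sso_init_url(base, meta_alias, sp_entity_id, binding=None,
                           name_id_format=None, relay_state=None):
    """Return an idpSSOInit URL with every parameter value URL-encoded."""
    # metaAlias is /realm-name/provider-name, or /provider-name for the
    # top-level realm (the slash is not repeated).
    parts = meta_alias.split("/")
    if parts[0] != "" or len(parts) < 2 or "" in parts[1:]:
        raise ValueError("metaAlias must look like /realm/provider or /provider")
    if not sp_entity_id:
        raise ValueError("spEntityID is required")

    params = [("metaAlias", meta_alias), ("spEntityID", sp_entity_id)]

    if binding is not None:
        if binding not in ALLOWED_BINDINGS:
            raise ValueError("binding must be HTTP-POST or HTTP-Artifact")
        params.append(("binding", binding))

    if name_id_format is not None:
        params.append(("NameIDFormat", name_id_format))

    if relay_state is not None:
        target = urlsplit(relay_state)
        # Compare the parsed host, not a string prefix, so that a value such as
        # http://openam.forgerock.org@other.example is rejected.
        if target.scheme not in ("http", "https") or \
                target.hostname not in RELAY_STATE_HOSTS:
            raise ValueError("RelayState target is not an expected host")
        params.append(("RelayState", relay_state))

    # urlencode percent-encodes ':' and '/', giving the encoded form shown in
    # the spEntityID and RelayState examples above.
    return base + "?" + urlencode(params)


if __name__ == "__main__":
    print(build_idp_sso_init_url(
        "http://www.idp.example:8080/openam/idpssoinit", "/idp",
        "http://www.sp.example:8080/openam", binding="HTTP-POST",
        relay_state="http://openam.forgerock.org"))
```

The same host check applies to whichever parameter RelayStateAlias points at, because that value is treated as the RelayState.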
