Passively check for session with multiple IdPs

Cantor, Scott cantor.2 at
Wed Nov 16 14:59:09 GMT 2011

On 11/16/11 9:35 AM, "Donald Shaw" < at> wrote:
>How might an appropriate SessionInitiator for looping over 2 or more IdPs

There is none, you have to script the entire process via the lazy session

Some notes:

- the SP will now correctly return the client to the target resource if
you specify isPassive and it can't dispatch via a supporting initiator
(that handles the SAML 1 case)

- the SP will ignore the NoPassive error code and pass control back to the
target resource if the IdP returns that code

- any other error would terminate, so you'd have to handle errors with the
redirectErrors option

All of the features involved are poorly tested and probably buggy.

-- Scott

More information about the users mailing list