<Extensions> in AuthnRequest from SP dynamically

tpanchal
Hi,

I have a standard Shibboleth SP implementation. The IdP that I am testing with wants us to pass the Extensions element dynamically on a per-request basis in the AuthnRequest. I have the configuration in shibboleth2.xml as below:

<SessionInitiator type="SAML2" isDefault="false" id="Login2" Location="/Login2" entityID="idp.entityid"
                  NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                  IssuerFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">
  <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="foo" Version="2.0" IssueInstant="2012-01-01T00:00:00Z">
    <samlp:Extensions>
      <idpns:institutionId name="institutionId" value="00000" xmlns:idpns="idpnamespace"/>
    </samlp:Extensions>
  </samlp:AuthnRequest>
</SessionInitiator>

But this config just sends a hardcoded institutionId. Is it possible to pass the institutionId in the session initiator query string (i.e. Login2?institutionId=00000)? I know that many elements like authnContextClassRef, NameIDFormat, SPNameQualifier can be replaced using the query string. But I really want to replace the extensions using the query string. Is there any way that is possible?

Thanks,
Tushar