<Extensions> in AuthnRequest from SP dynamically



I have a standard Shibboleth SP implementation. The IDP that I am testing with wants us to pass an Extensions element dynamically, on a per-request basis, in the AuthnRequest. I have the configuration in shibboleth2.xml as below:
            <SessionInitiator type="SAML2" isDefault="false" id="Login2" Location="/Login2" entityID="idp.entityid" NameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">
              <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="foo" Version="2.0" IssueInstant="2012-01-01T00:00:00Z">
                <samlp:Extensions>
                  <idpns:institutionId name="institutionId" value="00000" xmlns:idpns="idpnamespace"/>
                </samlp:Extensions>
              </samlp:AuthnRequest>
            </SessionInitiator>

But this config just sends a hardcoded institutionId. Is it possible to pass the institutionId in the session initiator query string (i.e. Login2?institutionId=00000)? I know that many elements like authnContextClassRef, NameIDFormat, SPNameQualifier can be replaced using the query string. But I really want to replace the extensions using the query string. Is there any way that can be possible?