Clean up and expand the IdP first section in the documentation.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2880 44740490-163a-0410-bde0-09ae8108e29a

Clean up and expand the IdP first section in the documentation.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2880 44740490-163a-0410-bde0-09ae8108e29a
a532329c · Olav Morken · cb3bc0a2 · a532329c
Commit a532329c authored 13 years ago by Olav Morken
--- a/docs/simplesamlphp-idp-more.txt
+++ b/docs/simplesamlphp-idp-more.txt
@@ -46,11 +46,36 @@ If you do not want to start the SSO flow at the SP, you may use the IdP-first se

 Here is an example of such an url:

-	https://sp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=dev.andreas.feide.no
+	https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=dev.andreas.feide.no

-When the IdP-first flow is used an extra parameter is needed in the `saml20-sp-hosted` metadata. This is the `RelayState` parameter that tells the SP which URL to redirect the user to after the user is successfully authenticated. This typically is the frontpage of your application. An example of this can be:
+You can also add a RelayState parameter to the IdP-first URL:

-	'RelayState' => '/',
+	https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=urn:mace:feide.no:someservice&RelayState=https://sp.example.org/somepage
+
+The RelayState parameter is often uset do carry the URL the SP should redirect to after authentication.
+
+
+### IdP first with SAML 1.1
+
+A SAML 1.1 SP does not send an authentication request to the IdP, but instead triggers IdP initiated authentication directly.
+If you want to do it manually, you can access the following URL:
+
+	https://idp.example.org/simplesaml/shib13/idp/SSOService.php?providerId=urn:mace:feide.no:someservice&shire=https://sp.example.org/acs-endpoint&target=https://sp.example.org/somepage
+
+The parameters are as follows:
+
+`providerID`
+:   The entityID of the SP.
+    This parameter is required.
+
+`shire`
+:   The AssertionConsumerService endpoint of the SP.
+    This parameter is required.
+
+`target`
+:   The target parameter the SP should receive.
+    This is often the page the user should be sent to after authentication.
+    This parameter is optional for the IdP, but must be specified if the SP you are targeting is running simpleSAMLphp SP.


 IdP-initiated logout