From c2ae88550b2717c4b8b79a3b99c46dd75f985647 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 6 Apr 2010 07:21:07 +0000
Subject: [PATCH] docs: Update documentation for IdP first authentication.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2246 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-idp.txt | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/docs/simplesamlphp-idp.txt b/docs/simplesamlphp-idp.txt
index f465ee5c5..b785a4c8a 100644
--- a/docs/simplesamlphp-idp.txt
+++ b/docs/simplesamlphp-idp.txt
@@ -221,7 +221,16 @@ Here is an example of such an url:
 
 	https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org
 
-When the IdP-first flow is used an extra parameter is needed in the `saml20-sp-hosted` metadata. This is the `RelayState` parameter that tells the SP which URL to redirect the user to after the user is successfully authenticated. This typically is the frontpage of your application. An example of this can be:
+If the SP is a simpleSAMLphp SP, you must also specify a `RelayState` parameter for the SP.
+This must be set to an URL the user should be redirected to after authentication.
+The `RelayState` parameter can be specified in the [SP configuration](saml:sp), or it can be sent from the IdP.
+To send the RelayState parameter from a simpleSAMLphp IdP, specify it in the query string to SSOService.php:
 
-	'RelayState' => '/',
+    https://idp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=sp.example.org&RelayState=https://sp.example.org/welcome.php
 
+To set it in the SP configuration, add it to `authsources.php`:
+
+    'default-sp' => array(
+        'saml:SP',
+        'RelayState' => 'https://sp.example.org/welcome.php',
+    ),
-- 
GitLab