From c8b628c88959d9ed45271274db0385bee3681f7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Mon, 23 Mar 2009 22:29:07 +0000
Subject: [PATCH] IdP-first flow information. and added propset id

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1437 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-googleapps.txt |  2 +-
 docs/simplesamlphp-idp-more.txt   | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/docs/simplesamlphp-googleapps.txt b/docs/simplesamlphp-googleapps.txt
index 293d830a6..500602f5f 100644
--- a/docs/simplesamlphp-googleapps.txt
+++ b/docs/simplesamlphp-googleapps.txt
@@ -7,7 +7,7 @@ Setting up a simpleSAMLphp SAML 2.0 IdP to use with Google Apps for Education
 	http://daringfireball.net/projects/markdown/syntax
 -->
 
-  * Version: `$Id: simplesamlphp-install.txt 1297 2009-02-23 09:03:26Z andreassolberg $`
+  * Version: `$Id$`
 
 
 
diff --git a/docs/simplesamlphp-idp-more.txt b/docs/simplesamlphp-idp-more.txt
index 442bd8529..708265d78 100644
--- a/docs/simplesamlphp-idp-more.txt
+++ b/docs/simplesamlphp-idp-more.txt
@@ -1,5 +1,5 @@
 SimpleSAMLphp Identity Provider Advanced Topics
-===========================================
+===============================================
 
 <!-- 
 	This file is written in Markdown syntax. 
@@ -26,3 +26,17 @@ The attribute release consent is documented in a separate document.
 
   * [Documentation on the consent module](https://rnd.feide.no/content/consent-module)
 
+
+IdP-first flow
+--------------
+
+If you do not want to start the SSO flow at the SP, you may use the IdP-first setup. To do this, redirect the user to the SSOService endpoint on the IdP with one parameter `spentityid` that match the SP EntityId that the user should be logged into.
+
+Here is an example of such an url:
+
+	https://sp.example.org/simplesaml/saml2/idp/SSOService.php?spentityid=dev.andreas.feide.no
+
+When the IdP-first flow is used an extra parameter is needed in the `saml20-sp-hosted` metadata. This is the `RelayState` parameter that tells the SP which URL to redirect the user to after the user is successfully authenticated. This typically is the frontpage of your application. An example of this can be:
+
+	'RelayState' => '/',
+
-- 
GitLab