RapidIdentity Product Guide: New UI

Sign-On Request

Issue a GET to /idp/profile/wsfed with the following parameters.

Table 293. GET Parameters

Parameter

Type

 Description

wa

String required

"wsignin1.0".

wtrealm

String required

The "Realm ID" of the Relying Party.

wctx

String optional

A opaque value used by the Relying Party to maintain state between the request and callback.

wfresh

Integer optional

The desired maximum age of authentication in minutes. A value of 0 (zero) indicates that the Identity Provider should force the user to re-authenticate before issuing a token. A value > 0 indicates that the Identity Provider should force the user to re-authenticate if they have not authenticated in that many minutes. If not specified, then the Identity Provider will make its own determination on whether the user needs to be re-authenticated based on the global SSO session timeout.

wreply

String optional

The URL to which the Identity Provider should POST the security token.

By default the Identity Provider will POST the security token response back to the "Realm ID" of the Relying Party if it is a valid URL. However, multiple response URLs can be registered for any Relying Party and if one of those is specified by this parameter, the Identity Provider will POST the token there.

The Identity Provider will never POST to a response URL which has not been pre-registered.



Upon issuing a security token, the Identity Provider generates an HTML form populated with the following values and POSTs the form to the response URL.

Table 294. POST Parameters

Parameter

Type

Description

wa

String

"wsignin1.0".

wctx

String

The wctx value which was passed in to the original Sign-On request (if any).

wresult

String

The security token itself.