10.1.3 Configuration options for customizing HTML

When whole page is generated, some templating information is taken from the configuration.

IDP_SEL_START

All the HTML before <form> tag. This can include HTML headers and the <body> tag, as well as beginning of the page, allowing for complete color selection, stylesheet embedding, and general branding of the page.

IDP_SEL_NEW_IDP

The HTML fragment to allow login using a new IdP (Auto CoT using IdP URL). Set to empty to hide this possibility.

IDP_SEL_OUR_EID

Message displaying SP Entity ID, in case (technically minded) user needs to know this to establish relationship with an IdP.

IDP_TECH_USER

Technical parameters that user might want to set, and typically would be allowed to set. May be hidden (not user controllable) or visible.

fc

Create federation (AllowCreate flag)

fn

Name ID format

prstnt

Persistent (pseudonym)

trnsnt

Transient, temporary pseudonym

IDP_TECH_SITE

Technical parameters that the site administrator should decide and set. Usually hidden fields:

fq

Affiliation ID (usually empty)

fy

Consent obtained by SP for the federation or SSO

empty

No statement about consent

urn:liberty:consent:obtained

Has been obtained (unspecified way)

urn:liberty:consent:obtained:prior

Obtained prior to present transaction, e.g. user signed terms and conditions of service

urn:liberty:consent:obtained:current:implicit

Consent is implicit in the situation where user came to invoke service

urn:liberty:consent:obtained:current:explicit

Obtained explicitly

urn:liberty:consent:unavailable

Consent can not be obtained

urn:liberty:consent:inapplicable

Obtaining consent is not relevant for the SP or service.

fa

Authentication Context (strength of authentication) needed by the SP

fm

Matching rule for authentication strength (usually empty, IdP decides)

fp

Forbid IdP from interacting with the user (IsPassive flag)

ff

Request reauthentication of user (ForceAuthn flag)