Sign-On Request
Issue a GET to /idp/profile/wsfed with the following parameters.
Parameter | Type | Description |
---|---|---|
wa | String required | "wsignin1.0". |
wtrealm | String required | The "Realm ID" of the Relying Party. |
wctx | String optional | An opaque value used by the Relying Party to maintain state between the request and callback. |
wfresh | Integer optional | The desired maximum age of authentication in minutes. A value of 0 (zero) indicates that the Identity Provider should force the user to re-authenticate before issuing a token. A value > 0 indicates that the Identity Provider should force the user to re-authenticate if they have not authenticated in that many minutes. If not specified, then the Identity Provider will make its own determination on whether the user needs to be re-authenticated based on the global SSO session timeout. |
wreply | String optional | The URL to which the Identity Provider should POST the security token. By default the Identity Provider will POST the security token response back to the "Realm ID" of the Relying Party if it is a valid URL. However, multiple response URLs can be registered for any Relying Party and if one of those is specified by this parameter, the Identity Provider will POST the token there. The Identity Provider will never POST to a response URL which has not been pre-registered. |
Upon issuing a security token, the Identity Provider generates an HTML form populated with the following values and POSTs the form to the response URL.
Parameter | Type | Description |
---|---|---|
wa | String | "wsignin1.0". |
wctx | String | The wctx value which was passed in to the original Sign-On request (if any). |
wresult | String | The security token itself. |
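
The relying-party side of the exchange above, as an added example (not code from the original page or from the Identity Provider project). It builds the Sign-On GET request and checks the POSTed callback fields, treating wctx as a single-use value bound to the user's session; the host names, Realm ID, reply URL, session dictionary and function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Constructed values for illustration; none of them come from the original page.
IDP_BASE = "https://idp.example.org"                  # hypothetical IdP host
REALM_ID = "https://rp.example.org/"                  # hypothetical Realm ID
REPLY_URL = "https://rp.example.org/wsfed/callback"   # must be pre-registered at the IdP


def build_signin_url(session, max_age_minutes=None, reply_url=None):
    """Return the GET URL for /idp/profile/wsfed and remember wctx in the session."""
    wctx = secrets.token_urlsafe(32)      # opaque and unguessable
    session["wsfed_wctx"] = wctx
    params = {"wa": "wsignin1.0", "wtrealm": REALM_ID, "wctx": wctx}
    # Compare against None, not truthiness: wfresh=0 means "force re-authentication".
    if max_age_minutes is not None:
        if max_age_minutes < 0:
            raise ValueError("wfresh must be >= 0")
        params["wfresh"] = str(int(max_age_minutes))
    # An unregistered wreply is never honoured by the IdP, so only send a known one.
    if reply_url is not None:
        params["wreply"] = reply_url
    return f"{IDP_BASE}/idp/profile/wsfed?{urlencode(params)}"


def handle_callback(session, form):
    """Check the POSTed form fields and return wresult for token validation."""
    expected = session.pop("wsfed_wctx", None)   # single use: a replay finds nothing
    if form.get("wa") != "wsignin1.0":
        raise ValueError("unexpected wa value")
    returned = form.get("wctx", "")
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("wctx does not match this session")
    wresult = form.get("wresult")
    if not wresult:
        raise ValueError("missing wresult")
    # The token's signature, issuer and audience still have to be validated.
    return wresult


if __name__ == "__main__":
    sess = {}
    print(build_signin_url(sess, max_age_minutes=0, reply_url=REPLY_URL))
```

Checking wctx only ties the response to the session that started the request; it says nothing about the authenticity of the token in wresult.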