https://issues.shibboleth.net/jira/browse/SSPCPP-410

diff --git a/schemas/shibboleth-2.0-native-sp-config.xsd b/schemas/shibboleth-2.0-native-sp-config.xsd
index 045bf39..6a37f22 100644 (file)
--- a/schemas/shibboleth-2.0-native-sp-config.xsd
+++ b/schemas/shibboleth-2.0-native-sp-config.xsd
@@ -244,6 +244,7 @@
     <attribute name="redirectToSSL" type="unsignedInt"/>
     <attribute name="entityID" type="anyURI"/>
     <attribute name="discoveryURL" type="anyURI"/>
+    <attribute name="discoveryPolicy" type="conf:string"/>
     <attribute name="isPassive" type="boolean"/>
     <attribute name="returnOnError" type="boolean"/>
     <attribute name="forceAuthn" type="boolean"/>
@@ -561,6 +562,7 @@
     <attribute name="SPNameQualifier" type="conf:string"/>
     <attribute name="requestDelegation" type="boolean"/>
     <attribute name="target" type="anyURI"/>
+    <attribute name="discoveryPolicy" type="conf:string"/>
     <anyAttribute namespace="##any" processContents="lax"/>
   </attributeGroup>
 

diff --git a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
index ed5b293..e3977a6 100644 (file)
--- a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
+++ b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
@@ -277,6 +277,9 @@ pair<bool,long> SAMLDSSessionInitiator::run(SPRequest& request, string& entityID
         req = req + "&returnIDParam=" + m_returnParam;
     if (isPassive)
         req += "&isPassive=true";
+    prop = getString("discoveryPolicy");
+    if (prop.first)
+        req += "&policy=" + urlenc->encode(prop.second);
 
     return make_pair(true, request.sendRedirect(req.c_str()));
 }