rp) corresponds to the application that will ask the user to interact with the authenticator.
$rpEntity object will be useful for the next steps.
rp. By default, the relying party ID is
null, i.e. the current domain will be used.
rp ID, especially if your application has several sub-domains. The rp ID can be set during the creation of the object as the 2nd constructor parameter.
rp ID shall be the domain of the application without the scheme, userinfo, port, path, user…. IP addresses are not allowed either.
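The format rule above, and the reason the choice of rp ID matters when an application has several sub-domains, as an added example that is not code from the library. The helper names `isValidRpId()` and `originInRpIdScope()` are hypothetical, the inputs are constructed, and PHP 8 is assumed for `str_ends_with()`.

```php
<?php
declare(strict_types=1);

// Added example: isValidRpId() and originInRpIdScope() are hypothetical helpers,
// not functions of the library.

/** True when $rpId is a bare domain: no scheme, userinfo, port, path or IP address. */
function isValidRpId(string $rpId): bool
{
    // Reject IPv4/IPv6 literals first; a dotted IPv4 would otherwise pass as a hostname.
    if ($rpId === '' || filter_var($rpId, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    // The hostname flag refuses ':', '/', '@' and other non-hostname characters.
    return filter_var($rpId, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false;
}

/** True when the origin's host equals $rpId or is a sub-domain of it. */
function originInRpIdScope(string $origin, string $rpId): bool
{
    $host = parse_url($origin, PHP_URL_HOST);
    if (!is_string($host) || !isValidRpId($rpId)) {
        return false;
    }
    $host = strtolower($host);
    $rpId = strtolower($rpId);
    // Simplification: no public-suffix check, so a suffix such as "com" is not refused here.
    return $host === $rpId || str_ends_with($host, '.' . $rpId);
}

// Constructed inputs, using the host names from the text.
$candidates = ['host.com', 'https://host.com', 'host.com:8443', 'user@host.com', 'host.com/login', '192.0.2.10'];
foreach ($candidates as $candidate) {
    printf("%-18s %s\n", $candidate, isValidRpId($candidate) ? 'valid rp ID' : 'invalid rp ID');
}

$origins = ['https://site1.host.com', 'https://www.site1.host.com', 'https://site2.host.com'];
foreach (['site1.host.com', 'host.com'] as $rpId) {
    foreach ($origins as $origin) {
        $verdict = originInRpIdScope($origin, $rpId) ? 'in scope' : 'out of scope';
        printf("rp ID %-15s origin %-27s %s\n", $rpId, $origin, $verdict);
    }
}
```

With the rp ID `site1.host.com` only the two `site1` origins are in scope; with `host.com` all three origins are, so a credential is no longer tied to one sub-domain.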
https://(www.)site1.host.com and another at
https://(www.)site2.host.com, then the Relying Party IDs should be
site2.host.com respectively. If you set
host.com, there is a risk that users from
site1.host.com can log in at