
Can I provide the username to use in a SAML request? (AD FS)

When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider a hint as to which username to use? In my application I know which user it wants to authenticate (based on a unique link the user clicked in an e-mail), and I'd like that username to be prefilled in the IdP's username box.

Using SAML 2.0 with Active Directory Federation Services (AD FS) 2.1.

joelsand asked Nov 19 '13 14:11



1 Answer

Yes, you can use the optional <saml:Subject> field in the AuthnRequest message sent from the SP to the IdP to request a specific subject from the IdP. See section 3.4.1 in the SAML2 spec.

I have no idea if ADFS respects that field though.

Anders Abel answered Sep 20 '22 12:09
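As an added example (not code from the question or the answer), a minimal Python 3 standard-library sketch of the SP side of what the answer describes: building an AuthnRequest that carries the optional <saml:Subject> hint, and the check the SP should still run on the Response, because the IdP is free to ignore the hint and whoever actually signed in at the IdP is the asserted subject. Hostnames, URLs and the sample Response are constructed; the request is left unsigned and no signature validation is shown.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_authn_request(issuer, acs_url, destination, name_id):
    """AuthnRequest with the optional <saml:Subject> (SAML 2.0 Core 3.4.1)
    naming the user the SP expects. Unsigned; returns the XML as text."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer  # schema order: Issuer, then Subject
    subject = ET.SubElement(req, f"{{{SAML}}}Subject")
    ET.SubElement(subject, f"{{{SAML}}}NameID", {"Format": EMAIL_FMT}).text = name_id
    return ET.tostring(req, encoding="unicode")

def requested_subject(authn_request_xml):
    """NameID carried in an AuthnRequest's <saml:Subject>, or None if absent."""
    node = ET.fromstring(authn_request_xml).find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    return node.text if node is not None else None

def subject_matches(response_xml, expected_name_id):
    """SP-side check: the Subject in the request is only a hint, so after
    signature validation (not done here) confirm the asserted NameID is the
    user this login was started for, not just whoever signed in at the IdP."""
    node = ET.fromstring(response_xml).find(
        f".//{{{SAML}}}Assertion/{{{SAML}}}Subject/{{{SAML}}}NameID")
    return node is not None and (node.text or "").strip() == expected_name_id

# Constructed sample Response (unsigned, hypothetical hosts, for illustration only).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}"
    ID="_r1" Version="2.0" IssueInstant="2013-11-19T14:11:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2013-11-19T14:11:00Z">
    <saml:Issuer>https://idp.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject><saml:NameID Format="{EMAIL_FMT}">alice@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""
```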