When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider a hint as to which username to use? In my application I know which user it wants to authenticate (based on a unique link the user clicked in an e-mail), and I'd like that username to be prefilled in the IdP's username box.
Using SAML 2.0 with Active Directory Federation Services (AD FS) 2.1.
SAML 2.0 single sign-on (SSO) supports integration with Microsoft Active Directory Federation Services (ADFS) 3.0.
While SAML is an identity provider, ADFS is a service provider. A SAML 2.0 Identity Provider (IdP) can take multiple forms, one of which is a self hosted Active Directory Federation Services (ADFS) server.
SAML assertion is a document issued and signed by the Identity Provider that contains authentication details. When a SAML-enabled application processes a SAML assertion, by default it uses NameID to determine the username of the user that is logging in.
Receive signed SAML authentication responses If Auth0 is the SAML service provider, all SAML responses from your identity provider should be signed to indicate it hasn't been tampered with by an unauthorized third-party.
Yes, you can use the optional <saml:Subject>
field in the AuthnRequest
message sent from the SP to the Idp to request a specific subject from the Idp. See section 3.4.1 in the SAML2 spec.
I have no idea if ADFS respects that field though.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With