16

When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider a hint as to which username to use? In my application I know which user it wants to authenticate (based on a unique link the user clicked in an e-mail), and I'd like that username to be prefilled in the IdP's username box.

Using SAML 2.0 with Active Directory Federation Services (AD FS) 2.1.

joelsand

1 Answer

9

Yes, you can use the optional <saml:Subject> field in the AuthnRequest message sent from the SP to the IdP to request a specific subject from the IdP. See section 3.4.1 in the SAML2 spec.

I have no idea if ADFS respects that field though.

Anders Abel
  • 4
    AD FS 2.0 did not appear to honor that in the request. Hopefully support for that is added someday! – joelsand Apr 15 '14 at 20:11
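The AuthnRequest with a <saml:Subject> hint described in the answer, as an added example that is not part of the original posts. The entity ID, URLs and function names are hypothetical, the request is unsigned and sent over the HTTP-Redirect binding, and whether the IdP acts on the hint is up to the IdP.

```python
import base64, datetime, uuid, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlsplit, parse_qs

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

def build_authn_request(sp_entity_id, acs_url, idp_sso_url, username_hint):
    """Return AuthnRequest XML that carries <saml:Subject> as a login hint."""
    now = datetime.datetime.now(datetime.timezone.utc)
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,          # must be unique per request
        "Version": "2.0",
        "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
        "AssertionConsumerServiceURL": acs_url,
    })
    # Schema order: Issuer first, then the optional Subject.
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    subject = ET.SubElement(req, f"{{{SAML}}}Subject")
    # The hint comes from an e-mailed link, so treat it as untrusted input:
    # setting .text lets ElementTree escape it instead of splicing markup.
    ET.SubElement(subject, f"{{{SAML}}}NameID").text = username_hint
    return ET.tostring(req, encoding="unicode")

def redirect_url(idp_sso_url, authn_request_xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode.
    Assumes idp_sso_url has no query string of its own."""
    comp = zlib.compressobj(wbits=-15)         # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return idp_sso_url + "?" + query

def decode_redirect(url):
    """Inverse of redirect_url, useful for inspecting what was actually sent."""
    value = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), -15).decode()

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    xml = build_authn_request("https://sp.example/metadata", "https://sp.example/acs",
                              "https://idp.example/adfs/ls/", "alice@example.com")
    print(redirect_url("https://idp.example/adfs/ls/", xml))
```

The Subject is only a request to the IdP; the SP should still take the authenticated identity from the NameID in the validated response, not from the hint it sent.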