Reputation: 1
We installed Shibboleth SP3 on our IIS instance; it works pretty well for SSO authentication.
However, we want to pass a "login_hint" parameter to Azure (our IdP) to make things easier for people with multiple accounts. This way, the login is already set if they are not connected yet, and they just have to fill in the form with their password.
Is there a way to pass a query string parameter from the initial HTTP request to the IdP?
For example, a user goes to https://sp.server.com/[email protected], then he is redirected to https://login.microsoft.com/..., where we want to add this parameter.
Best regards,
Pierre Soundirarassou
Upvotes: 0
Views: 599
Reputation: 16064
To send the login_hint parameter from the Service Provider to Azure AD, try making use of SAML.
Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization identities between security domains. It uses security tokens containing assertions to pass information between the Identity Provider and the Service Provider.
To redirect the user to a specific page after SSO, try making use of the RelayState or Goto parameter.
RelayState=https%3A%2F%2Fhost1.example.com
Please refer to the sample snippet below if it is helpful:
<form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...>
<input type="hidden" name="SAMLResponse" value="<response>" />
<input type="hidden" name="RelayState" value="<url>" />
...
<input type="submit" value="Submit" />
</form>
For more detail, please refer to the links below if helpful:
https://www.componentspace.com/Forums/1579/How-to-pass-parameter-with-SP-initiated-sso-request
Upvotes: 0
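A check for the RelayState redirect described in the answer above, added here as an example that is not part of the original thread: RelayState arrives in a browser-submitted form field, so the SP should confirm it names an expected HTTPS host before redirecting to it. The function name, the host allowlist and the fallback URL are assumptions chosen for illustration.

```python
from urllib.parse import urlsplit, unquote

# Assumed for illustration (not from the thread): hosts this SP may redirect
# to after SSO, and the landing page used when RelayState is rejected.
ALLOWED_HOSTS = {"host1.example.com", "sp.example.com"}
DEFAULT_TARGET = "https://sp.example.com/"


def safe_relay_state(relay_state, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return relay_state if it is an acceptable post-SSO redirect, else default.

    relay_state is the already form-decoded value of the RelayState field.
    """
    if not relay_state or len(relay_state) > 2048:
        return default
    # Whitespace, control characters and backslashes are interpreted
    # differently by browsers and by urlsplit, so reject them outright.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c == "\\" for c in relay_state):
        return default
    try:
        parts = urlsplit(relay_state)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return default
    if parts.scheme != "https":
        return default  # javascript:, data:, http: and scheme-relative //host
    if parts.username is not None or parts.password is not None:
        return default  # https://sp.example.com@other.example/ style confusion
    if port not in (None, 443):
        return default
    if (parts.hostname or "").lower() not in allowed_hosts:
        return default  # exact host match only, no suffix matching
    return relay_state


if __name__ == "__main__":
    # Constructed sample values; the first is the RelayState shown in the answer.
    samples = [
        unquote("https%3A%2F%2Fhost1.example.com"),
        "//other.example/landing",
        "https://host1.example.com.other.example/",
        "https://sp.example.com@other.example/",
    ]
    for value in samples:
        print(f"{value!r} -> {safe_relay_state(value)!r}")
```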