Send login_hint parameter from Shibboleth (Service provider) to Azure AD (Identity Provider)


We installed Shibboleth SP3 on our IIS instance; it works pretty well for SSO authentication.

However, we want to pass a "login_hint" parameter to Azure (our IdP) to help people with multiple accounts. This way, the login is already set if they are not connected yet and they just have to fill in the form with their password.

Is there a way to pass a query string parameter from the initial HTTP request to the IdP?

For example, a user goes to https://sp.server.com/[email protected], then he is redirected to https://login.microsoft.com/..., where we want to add this parameter.

Best regards,

Pierre Soundirarassou

There is 1 answer

Rukmini

To send the login_hint parameter from the Service Provider to Azure AD, try making use of SAML.

Security Assertion Markup Language (SAML) is a standard for exchanging authentication and authorization identities between security domains. It uses security tokens containing assertions to pass information between the Identity Provider and the Service Provider.

To redirect the user to a specific page after SSO, try making use of the RelayState or goto parameter.

  • If you use the RelayState parameter, you need to URL-encode the value, like below:
    RelayState=https%3A%2F%2Fhost1.example.com
  • If you use the goto parameter, make sure the resource of the URL stated in the goto parameter exists in the resource list in order to redirect the user. If you do not include a URL resource list, all resources included in URLs specified in the goto parameter are considered valid.

Please refer to the sample snippet below:

<form method="post" action="https://sp.example.com/SAML2/SSO/POST" ...>
    <input type="hidden" name="SAMLResponse" value="<response>" />
    <input type="hidden" name="RelayState" value="<url>" />
    ...
    <input type="submit" value="Submit" />
</form>

For more detail, please refer to the links below:

single sign on - SSO - SAML, Redirect a user to a specified landing page after successful log in - Stack Overflow.

How do I redirect to a specific page after a successful IdP or SP initiated login in AM (All versions)? - Knowledge - BackStage (forgerock.com).

https://www.componentspace.com/Forums/1579/How-to-pass-parameter-with-SP-initiated-sso-request
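The following is an added example, not code from the question or the answer above, showing the RelayState part of the answer end to end: an SP builds an SP-initiated AuthnRequest for the HTTP-Redirect binding, percent-encodes the RelayState exactly as the answer shows (RelayState=https%3A%2F%2Fhost1.example.com), and checks the RelayState target against a "resource list" of allowed hosts so that the post-login redirect cannot be abused as an open redirect. All entity IDs, endpoint URLs and hostnames are constructed placeholders, and the check function is a hypothetical illustration of the resource-list rule the answer describes, not Shibboleth or Azure AD code.

```python
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholder endpoints for this example (not from the original post).
SP_ENTITY_ID = "https://sp.example.com/shibboleth"
ACS_URL = "https://sp.example.com/Shibboleth.sso/SAML2/POST"
IDP_SSO_URL = "https://idp.example.org/saml2/redirect"
# The "resource list": hosts the SP is willing to redirect to after SSO.
# Anything else is refused, which keeps RelayState from becoming an open redirect.
ALLOWED_RELAY_HOSTS = {"sp.example.com", "host1.example.com"}
RELAY_STATE_MAX_BYTES = 80  # SAML 2.0 Bindings spec, section 3.4.3


def build_authn_request(request_id, issue_instant, idp_sso_url=IDP_SSO_URL):
    """Minimal unsigned SAML 2.0 AuthnRequest for an SP-initiated login."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{idp_sso_url}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{ACS_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
        "</samlp:AuthnRequest>"
    )


def deflate_b64(xml):
    """HTTP-Redirect binding encoding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def inflate_b64(data):
    """Inverse of deflate_b64, as the IdP would decode the SAMLRequest parameter."""
    return zlib.decompress(base64.b64decode(data), -15).decode()


def relay_state_is_allowed(relay_state, allowed_hosts=ALLOWED_RELAY_HOSTS):
    """Hypothetical resource-list check: accept only absolute https URLs whose host
    is on the list. urlsplit().hostname strips userinfo, so a value such as
    https://host1.example.com@evil.example.net/ resolves to the attacker's host
    and is rejected. Apply this both before sending and to the value the IdP echoes back."""
    parts = urlsplit(relay_state)
    return parts.scheme == "https" and parts.hostname in allowed_hosts


def build_redirect_url(relay_state, idp_sso_url=IDP_SSO_URL):
    """Build the SP-initiated redirect to the IdP's SSO endpoint with a RelayState."""
    if len(relay_state.encode()) > RELAY_STATE_MAX_BYTES:
        raise ValueError("RelayState exceeds 80 bytes")
    if not relay_state_is_allowed(relay_state):
        raise ValueError("RelayState target is not in the resource list")
    request_id = "_" + uuid.uuid4().hex
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    params = {
        "SAMLRequest": deflate_b64(build_authn_request(request_id, issue_instant, idp_sso_url)),
        "RelayState": relay_state,
    }
    # urlencode percent-encodes ':' and '/', giving RelayState=https%3A%2F%2Fhost1.example.com
    return f"{idp_sso_url}?{urlencode(params)}"


def decode_redirect_url(url):
    """What the IdP sees: the inflated AuthnRequest XML and the RelayState it must echo back."""
    query = parse_qs(urlsplit(url).query)
    return inflate_b64(query["SAMLRequest"][0]), query["RelayState"][0]


if __name__ == "__main__":
    url = build_redirect_url("https://host1.example.com")
    print(url)
    xml, relay = decode_redirect_url(url)
    print("RelayState echoed by IdP:", relay)
    print("AuthnRequest issuer present:", SP_ENTITY_ID in xml)
```

The request here is unsigned for brevity; a production SP signs the redirect (SigAlg and Signature query parameters) and the IdP validates it, and the IdP returns the RelayState unchanged in the POST to the ACS, which is why the allow-list check has to run again on the returned value rather than only when the request is built.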