ACUL How do I provide a login hint to an alternative social/enterprise connection?

Hey all,

We’re trying to implement ACUL for the login prompt, and we have a unique case where some of our users need to link out to an enterprise connection. The enterprise connection expects a login hint, but the /authorize call from our app doesn’t provide a login hint.

Using ACUL, and calling socialLogin({connection: 'someconnection', login_hint: 'somehint'}) on the login manager does not appear to send the hint to the enterprise connection request.

Is there some way we can pass additional parameters to the alternate connection if they’re not on the /authorize call? Do I need to do something special to customize the enterprise connection’s request template to do this?

Hi @steve.kiehl

Welcome to the Auth0 Community!

Could you please let us know what kind of Enterprise connection do you have configured? Is it an OIDC/SAML or IdP specific connection? Also, just to double check, are you using the New Universal Login Page or the Classic one?

If you are using the Classic one, you might want to check within Branding → Universal Login → Login tab check if you have the prefill object present:

You could also check out our documentation on Passing Parameters to IdPs as you might need to pass it as an upstream parameter.

Otherwise, if you need to pass it to a SAML provider, you can check out this knowledge article.

You can also check if the enterprise connection you have configured is able to receive the login_hint as a parameter (you did mention that it does expect one).

Hope this helped!
Gerald

Hey Gerald,

We’re attempting to move off of Classic Login and to New Universal Login. For this purpose, the custom login (Classic) is toggled OFF.

We’re working with a SAML connection, which expects @@LoginHint@@ in the SAML request payload. The problem come in after the “login” prompt appears. We need to capture the username entered on the login screen and call socialLogin with that username and the connection name. Our apps don’t collect username before passing the customer to the Auth0 login screen. Essentially, we do not know what the login_hint should be at the time we call /authorize, before the “login” prompt appears; only after they enter their username do we know who they are and where to send them.

With Classic login, we’re able to re-issue the “/authorize” call with a login hint and connection, but in New Universal it appears that we can’t do that. It also appears that the preferred solution in New Universal is to call socialLogin with the new connection, but at that point the login_hint is empty, and the SAML request sends over “@@LoginHint@@” raw without a replacement.