I have a redirect connection and I’m providing the login_hint as a query parameter in the “/authorize” but the login_hint is not getting propagated. Not sure if there is something I need to add in Auth0 or if that is a fix for the identity provider, which is Okta.
I think this is related: Enabling Seamless SSO. Can anyone confirm? Also: On my account I don’t see the option of enabling Seamless SSO (Enable Seamless SSO options missing in tenant settings). Who do I request to get this added to my account?
Seamless SSO is enabled by default on all new tenants. That thread is requesting the option to disable seamless SSO.
I am not sure that is related to this thread.
Can you tell us more about your setup? Are you using new universal login or classic? The default widget or custom setup?
For Auth0, we are using the classic login and default widget. We have a login endpoint that only a specific client uses; when they hit this endpoint, I add the “connection=***” in the /authorize call so that it seamlessly redirects to their federated login. The whole login process works; what our client wants is that the username/email be added to the login_hint of their login. As I stated before, when I add the login_hint on our side, it shows up in the /authorize call, but it does not get propagated to the client’s login (they are using Okta). Anything else we can try? Just trying to check off all our options before going to the client. Thanks!
If I understand correctly you are trying to pass the param upstream to Okta, as they are the IDP in this scenario.
You will need to pass login_hint as an upstream param. Check out this doc and let me know if I am missing something:
Thanks for the recommendation, I think we’re on the right track. I forgot to mention that the Okta IDP is also a SAML connection, and from the doc you provided, it says SAML IDPs do not support param upstream. Any other docs I could take a look at?
If that’s the case then it sounds like it might not be possible. I’m not sure if this is a protocol limitation or a feature limitation, but you are free to create a feature request here if you would like.
To summarize for future users, the requirement here is to populate a login hint for a SAML connection, with Okta as IDP. The Auth0 docs state that this isn’t possible because of the SAML connection, as some IDPs don’t support login hint. I looked through the Okta docs and can’t find anything about supporting it.
This would sometimes be possible by passing params upstream.
Thanks for the help. Just so I cover all our bases, in the logs, is there a way to see what we are sending to the Okta IDP?
Have you looked at your logs? I don’t have an Okta IDP set up to try it.
If you DM me your tenant name I am happy to take a look.
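For the question above about seeing what is sent to the Okta IDP, the following is an added example and not part of the original thread or of Auth0's or Okta's code. It decodes the `SAMLRequest` parameter from a redirect URL captured in the browser's network tab and reports whether the AuthnRequest carries a subject hint; it assumes the connection uses the SAML HTTP-Redirect binding and that a forwarded hint would appear as a `NameID` under `<saml:Subject>`. The URLs, host and email below are constructed samples.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 1 << 20  # cap inflated size; real AuthnRequests are a few KB

def decode_saml_request(redirect_url):
    """Return the AuthnRequest XML from an HTTP-Redirect binding URL."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "SAMLRequest" not in params:
        raise ValueError("URL has no SAMLRequest parameter")
    raw = base64.b64decode(params["SAMLRequest"][0])
    # Redirect binding uses raw DEFLATE (no zlib header), hence wbits=-15.
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    return xml.decode("utf-8")

def subject_hint(authn_request_xml):
    """Return the NameID under <saml:Subject>, or None when no hint is sent."""
    if "<!DOCTYPE" in authn_request_xml:
        raise ValueError("DTD not expected in a SAML message")
    root = ET.fromstring(authn_request_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not name_id.text:
        return None
    return name_id.text.strip()

def constructed_redirect(xml):
    """Build a sample redirect URL (constructed, hypothetical IdP host)."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example.com/sso/saml?" + query

# Constructed AuthnRequests: one with a subject hint, one without.
_REQ = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
        'Version="2.0"><saml:Issuer>urn:example:sp</saml:Issuer>%s</samlp:AuthnRequest>')
_SUBJECT = "<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>"
SAMPLE_WITH_HINT = constructed_redirect(_REQ % _SUBJECT)
SAMPLE_NO_HINT = constructed_redirect(_REQ % "")

if __name__ == "__main__":
    for url in (SAMPLE_WITH_HINT, SAMPLE_NO_HINT):
        print(subject_hint(decode_saml_request(url)))
```

If the connection uses the HTTP-POST binding instead, the `SAMLRequest` form field is base64 only and is not deflated, so the inflate step would be skipped.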