Pass login_hint to SAML provider

Problem Statement

We use Auth0 for SSO across several IdPs in our application. We have noticed that the ADFS Enterprise Connections will pass login_hint to the IdP, but our SAML Enterprise Connections do not. Any solutions?

Solution

Passing a login hint to a SAML IdP is possible through the @@LoginHint@@ template variable. Add it to the Request Template field of the SAML connection in the Auth0 dashboard.

Example code:

<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
    <saml:NameID>@@LoginHint@@</saml:NameID>
</saml:Subject>

Full request template that works with Auth0 as the SP. It has been tested and works when Auth0 is the IdP:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    @@AssertServiceURLAndDestination@@
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    AppName="@@ProviderName@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
    <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml:NameID>@@LoginHint@@</saml:NameID>
    </saml:Subject>
</samlp:AuthnRequest>
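To confirm that the hint actually reaches the IdP, the following added example (not Auth0's code and not part of the original answer) decodes the SAMLRequest parameter from a captured login URL and inspects Subject/NameID. It assumes the connection uses the HTTP-Redirect binding; the function names, the idp.example.test URL, and the sample values are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_redirect_request(url):
    """Return the AuthnRequest XML carried by an HTTP-Redirect binding URL."""
    param = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    # Redirect binding: base64 over raw DEFLATE (no zlib header), hence wbits=-15.
    return zlib.decompress(base64.b64decode(param), -15).decode("utf-8")

def check_subject(xml_text):
    """Return (name_id, problems) for the Subject of an AuthnRequest."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE is not expected in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a samlp:AuthnRequest")
    problems = []
    node = root.find(f"{{{SAML}}}Subject/{{{SAML}}}NameID")
    if node is None:
        # An unprefixed <NameID> is in no namespace; a strict IdP may ignore it.
        node = root.find(f"{{{SAML}}}Subject/NameID")
        if node is None:
            return None, ["no Subject/NameID: the hint was not sent"]
        problems.append("NameID is not in the SAML assertion namespace")
    text = node.text or ""
    if text != text.strip():
        problems.append("NameID value has surrounding whitespace")
    if "@@" in text:
        problems.append("template variable was not substituted")
    return text.strip(), problems

def sample_url(name_id_xml):
    """Constructed test input: wrap a NameID fragment and encode it as a redirect URL."""
    xml_text = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed" Version="2.0">'
                f'<saml:Subject xmlns:saml="{SAML}">{name_id_xml}</saml:Subject>'
                "</samlp:AuthnRequest>")
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = deflater.compress(xml_text.encode()) + deflater.flush()
    return "https://idp.example.test/sso?SAMLRequest=" + quote(base64.b64encode(packed))

if __name__ == "__main__":
    for fragment in ("<saml:NameID>user@example.com</saml:NameID>",
                     "<NameID>\n  user@example.com\n</NameID>"):
        print(check_subject(decode_redirect_request(sample_url(fragment))))
```

In practice, copy the redirect URL from the browser's network tab after starting a login with login_hint set and pass it to decode_redirect_request.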