Problem statement
When the Subject claim is passed in an AuthnRequest to Azure AD, Azure AD returns the following error:
AADSTS900236: The SAML authentication request property ‘Subject’ is not supported and must not be set.
Symptoms
Auth0: SAML SP
Azure AD: SAML IdP
This can happen when the app passes a login_hint to Auth0 and the SAML connection’s request template has a Subject tag along with @@LoginHint@@ to pass that along to the upstream IdP.
Cause
Azure AD does not support the Subject claim in the AuthnRequest as documented here:
Solution
Please remove the Subject tag from the SAML request template, since Azure AD does not support it. Because of this limitation, login_hint cannot be passed to Azure AD over a SAML connection.
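As an added illustration (not Auth0's code or its actual default template), the following Python script lints a SAML request template for a saml:Subject element before it is saved on the connection, and shows the cleaned template with the Subject removed. The template below is constructed for the example: it keeps Auth0-style @@...@@ placeholders only in attribute values and element text so that it parses as XML, and the Subject/NameID with @@LoginHint@@ is the shape described above. The function names and the Subject-stripping approach are assumptions made for this example.

```python
"""Lint an Auth0 SAML request template for a saml:Subject element.

Azure AD rejects an AuthnRequest that carries Subject with AADSTS900236,
so a template that injects @@LoginHint@@ into Subject/NameID will fail
against an Azure AD IdP. This is an added example, not Auth0 code.
"""
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Keep the conventional prefixes when serialising instead of ns0/ns1.
ET.register_namespace("samlp", SAMLP_NS)
ET.register_namespace("saml", SAML_NS)

# Constructed template (hypothetical, not Auth0's real default): an
# AuthnRequest whose Subject/NameID carries the login_hint to the IdP.
TEMPLATE_WITH_SUBJECT = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="@@ID@@" Version="2.0" IssueInstant="@@IssueInstant@@"
    Destination="@@Destination@@" ProtocolBinding="@@ProtocolBinding@@">
  <saml:Issuer>@@Issuer@@</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">@@LoginHint@@</saml:NameID>
  </saml:Subject>
</samlp:AuthnRequest>
"""


def find_subject_elements(template: str) -> list:
    """Return every saml:Subject element found anywhere in the template."""
    root = ET.fromstring(template)
    return root.findall(f".//{{{SAML_NS}}}Subject")


def lint_for_azure_ad(template: str) -> list:
    """Return a list of human-readable problems; empty means Azure AD-safe
    with respect to the Subject element."""
    problems = []
    for subject in find_subject_elements(template):
        nameid_text = "".join(subject.itertext()).strip()
        problems.append(
            f"saml:Subject present (NameID text {nameid_text!r}); "
            "Azure AD rejects AuthnRequests carrying Subject with AADSTS900236"
        )
    return problems


def strip_subject(template: str) -> str:
    """Return the template with every saml:Subject element removed.

    ElementTree has no parent pointers, so a child->parent map is built
    first; this also handles a Subject nested below the root element.
    """
    root = ET.fromstring(template)
    parents = {child: parent for parent in root.iter() for child in parent}
    for subject in root.findall(f".//{{{SAML_NS}}}Subject"):
        parents[subject].remove(subject)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for problem in lint_for_azure_ad(TEMPLATE_WITH_SUBJECT):
        print("PROBLEM:", problem)
    print("Cleaned template for an Azure AD connection:")
    print(strip_subject(TEMPLATE_WITH_SUBJECT))
```

Running the script reports the Subject/NameID carrying @@LoginHint@@ and prints the template with only the Issuer left, which is the form to save on a connection whose IdP is Azure AD; the same lint can be applied to any stored template before it is pushed to the connection.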