Login – hint for SAML?

From IIW
Jump to: navigation, search

Session Topic: Login Hint for SAML?

Wednesday 1E

Convener: Mike Jones

Notes-taker(s): Prateek Mishra

Do SAML authentication flows (AuthNRequest <--> AuthNResponse) accommodate the SP providing a way to give a user-name hint? One requirement is that the IdP should NOT fail if this hint does not succeed. So if the SP offers "sam@yahoo.com" and the IdP can only find "samuelo@gmail.com" after user authentication, that’s OK.

-discussion-

Mike - the desired solution is pragmatic (should work with existing SAML infrastructure) and should not involve extension or new protocol flows.

Consensus: not clear if the current flows (as described in the samlk core specification) includes this case. It will be helpful if attendees check their implementations and figure out if this case is handled, and if it is, how it is achieved.