Forum Discussion
AltostratusHowto extract SAML NameID from AuthnRequest
NacreousSince SP and IDP sessions are totally diffrent and independent of each other, it would need custom rules built to extract the user. Not seen that's been implemented many places. We will keep the forum open for other to provide any inputs if there is any easy way to extract this.
On seperate note, how about modifying the page at the SP end to omit the field for user and just have sign in button, which will redirect the user to IDP and user would have to put it only once on IDP page? I know this isn't ideal option but just thinking out loud.
CirrostratusHi SanjayP,
I have an example for an SP, the Adobe Cloud.
It is handled the same way as the Microsoft Auth Page, you need to first specify a NameID (first.last@domain.com) and then the Authenticator recognizes the @domain.com and is redirecting then to the IdP.
Documentation from Adobe: https://helpx.adobe.com/enterprise/using/set-up-identity.html#set-up-directory
So how is it supposed to work when we have a button on this logon page?
So we have for every organization buttons on the logon page then?
I think this will not scale.
Do you understand now what hpr means?
In this example:
Open adobe.com logon page -> Enter first.last@domain.com -> Adobe does the redirect to the IdP for @domain.com.
What you mean is the way it is done with OAuth 2.0/OIDC where the big players like google/github/twitter etc. have bnuttons for login.
In SAML it is different solved, see the manual above from adobe.
I hope this helps to enlighten the question above a little bit.
Thanks,
Peter
