Forum Discussion
Sorry for the lame question, but if F5 is acting as IdP, shouldn't it have access to NameID already? It will generate the SAML assertion after authentication with the domain controller. On F5, we would have to set up an AD query to retrieve attributes from AD and set NameID accordingly (e.g. email/UPN etc.).
Thanks. It makes perfect sense now :). Yes, I was talking about saml_subject in step #5.
There is a similar discussion about auto-populating the user coming from the SP:
https://devcentral.f5.com/s/question/0D51T00006lTl96/autofill-username-for-office-365-federation
But it appears the AuthnRequest doesn't have any attribute set if it's SP-initiated SSO. Are you sure you can see the email address in the AuthnRequest?
ACCESS::saml authn [value] will not work, as that is triggered only when F5 generates the payload.
You would first need to check how the email address is being sent (in any part of the header, URI, or payload), then write an iRule to extract it, set a custom session variable with that value, and use it in the login page.
Or present the F5 login page with username/password fields and take it from there (which you are already doing), but I understand it's not user-friendly.