doutan2456 2019-02-19 11:44
浏览 227


I've implemented the OneLogin PHP SAML library and everything works well, but have had someone ask if it's possible to be able to send the email address/username from the SP-initiated login to the IdP.

You see, at the moment the user's login flow would be coming to a login form on my site, entering their email address at which point the login form would see how their account is set to login and redirect accordingly (or show the password field if the user isn't authenticating by SAML or oAuth).

So that the request has come to send the email address the user has already entered on the SP form so it can pre-fill the form on the IdP side, meaning the user doesn't have to type the details twice.

I understand this can be done with the <saml:Subject> information within the AuthnRequest, but I cannot see any way of being able to modify that data with the OneLogin library.

I'm probably just missing something really obvious from the GitHub repo docs, so can anyone point me in the right direction? Is it possible to add subject info to the request?

The code used to initiate the login from SP to IdP is pretty simple:

$samlConfig = SamlEntities::getConfig($idpCode, $applicationCode);
$auth = new \OneLogin_Saml2_Auth($samlConfig);

The SamlEntities::getConfig just combines the SP and IdP information from the database and config files where they're stored.

So I imagine if it can be done, this'll be the place to do it.

  • 写回答

1条回答 默认 最新

  • dongxinjun3944 2019-03-11 21:22

    The SAML request doesn't contain a Subject. Appreciate you've requested the user enter their user id to perform home realm discovery, but that won't carry across to Onelogin in the SAML request.

    However, this might work for you OneLogin - OIDC - Implicit Flow - login_hint

    本回答被题主选为最佳回答 , 对您是否有帮助呢?



    • ¥20 Java的kafka错误unknowHostException
    • ¥20 gbase 8a没有lisense,需要获取一个lisense
    • ¥15 前端的3d饼图不知道用啥框架做的
    • ¥15 三个问答题,很简单,都是关于网络安全
    • ¥15 算法问题 斐波那契数 解答
    • ¥15 VS2019 SPY++ 获取句柄操作
    • ¥15 Facebook 获取广告
    • ¥15 PID算法的输出结果如何转换成pwm
    • ¥15 java文本解密算法
    • ¥15 有没有办法等sql查询完成后执行下一步操作