doutan2456 2019-02-19 11:44
浏览 227
已采纳

从SP发起的登录发送用户名到预填充IdP登录表单?

I've implemented the OneLogin PHP SAML library and everything works well, but have had someone ask if it's possible to be able to send the email address/username from the SP-initiated login to the IdP.

You see, at the moment the user's login flow would be coming to a login form on my site, entering their email address at which point the login form would see how their account is set to login and redirect accordingly (or show the password field if the user isn't authenticating by SAML or oAuth).

So that the request has come to send the email address the user has already entered on the SP form so it can pre-fill the form on the IdP side, meaning the user doesn't have to type the details twice.

I understand this can be done with the <saml:Subject> information within the AuthnRequest, but I cannot see any way of being able to modify that data with the OneLogin library.

I'm probably just missing something really obvious from the GitHub repo docs, so can anyone point me in the right direction? Is it possible to add subject info to the request?

The code used to initiate the login from SP to IdP is pretty simple:

$samlConfig = SamlEntities::getConfig($idpCode, $applicationCode);
$auth = new \OneLogin_Saml2_Auth($samlConfig);
$auth->login();

The SamlEntities::getConfig just combines the SP and IdP information from the database and config files where they're stored.

So I imagine if it can be done, this'll be the place to do it.

  • 写回答

1条回答

      报告相同问题?

      相关推荐 更多相似问题

      悬赏问题

      • ¥15 android object box 一个实体多个表怎么写
      • ¥15 temux 启用docker 服务失败
      • ¥15 Flask 使用celery发送邮件出现‘目标计算机积极拒绝‘
      • ¥60 老人用的sd卡在手机里面不知道操作了什么,导致图片和视频变成了文件,取下sd卡连接电脑就是图中的样子,后缀改为.jpg才可以,需要用系统的画图软件才能打开,文件属性还是文件,有没有批量操作的解决办法
      • ¥15 超时跳出方法代码的返回值问题
      • ¥15 汇编语言程序设计设计,ascii码求数,再求数的BCD码
      • ¥30 Mask rcnn训练自己的数据集出现问题!
      • ¥20 研究人工智能时的几个问题
      • ¥15 mysql的sql查询写法问题
      • ¥15 Python中导入模块中的函数运行出错