I've implemented the OneLogin PHP SAML library and everything works well, but have had someone ask if it's possible to be able to send the email address/username from the SP-initiated login to the IdP.
You see, at the moment the user's login flow would be coming to a login form on my site, entering their email address at which point the login form would see how their account is set to login and redirect accordingly (or show the password field if the user isn't authenticating by SAML or oAuth).
So that the request has come to send the email address the user has already entered on the SP form so it can pre-fill the form on the IdP side, meaning the user doesn't have to type the details twice.
I understand this can be done with the
<saml:Subject> information within the
AuthnRequest, but I cannot see any way of being able to modify that data with the OneLogin library.
I'm probably just missing something really obvious from the GitHub repo docs, so can anyone point me in the right direction? Is it possible to add subject info to the request?
The code used to initiate the login from SP to IdP is pretty simple:
$samlConfig = SamlEntities::getConfig($idpCode, $applicationCode); $auth = new \OneLogin_Saml2_Auth($samlConfig); $auth->login();
SamlEntities::getConfig just combines the SP and IdP information from the database and config files where they're stored.
So I imagine if it can be done, this'll be the place to do it.