Peter Schober peter.schober at
Mon Apr 1 06:06:39 EDT 2019

* Martin Haase <Martin.Haase at> [2019-04-01 11:30]:
> > Given these factors (leaking data to the SP that may be private to the
> > IDP;
> hmmm. After AuthN, the O365 SP gets the IDPEmail / Username anyway, no?

What a subject enters at login time at the IDP (or on their desktop,
if using SPNEGO/Kerberos) and what is released to a given SP have no
direct relationship.
My IDP may not even support logging in with the identifier a given SP
expects in the SAML response (and that's none of the SP's business),
so clearly what I enter and what they get can (and sometimes have to)
be different.

> How exactly would this work with MS Office Products that fire up an
> embedded browser, even without a URL field?

I was commenting on the integration strategy in general, not the
(in)ability of specific M$ products.

If M$ don't allow use of WAYFless URLs and force use of their discovery
service on every login, things are even more broken than I could have
But I have never used that service myself nor do I intend to do so.