send Subject in SAML login flow
Ignacio Amoeiro Bosch
ignacio.amoeiro at extern.ibsalut.es
Fri Jan 14 17:07:09 UTC 2022
Thanks for response, Scott
De: users <users-bounces at shibboleth.net> En nombre de Cantor, Scott
Enviado el: viernes, 14 de enero de 2022 15:25
Para: Shib Users <users at shibboleth.net>
Asunto: DMARC ErrorRe: send Subject in SAML login flow
On 1/14/22, 6:04 AM, "users on behalf of Ignacio Amoeiro Bosch" <users-bounces at shibboleth.net on behalf of ignacio.amoeiro at extern.ibsalut.es> wrote:
> For this we want to use the SAML login flow, but we want to know if
> posible to add in the AuthRequest the already authenticated subject
> in the authn/Password Flow. So they don't need to ask again for the UserID. Is this achievable?
There is no support for populating the Subject element in a request. Technically that is close to the semantic that the element has in SAML, but it isn't used properly by any SAML IdPs other than Shibboleth so we do not facilitate the misuse of the standard by sending it. If we identified a situation where it wouldn't be misused we might consider it.
My impression is that the majority of solutions relying on SAML proxying for MFA do it by handling all of the factors, not just one of them. You offload authentication to them in total.
For Consortium Member technical support, see https://ddec1-0-en-ctp.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2fshibboleth.atlassian.net%2fwiki%2fx%2fZYEpPw&umid=c24184db-cb07-41fb-90b5-1a85f86f6dbc&auth=1c980b950b810d2ebe959a136e6fc6796ec23183-ce197232bb8f83d6a81ef888ef6aa35c520a13ef
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users