login_hint?

[Wessel, Keith]

Vendor-dictated proprietary add-on... a very good point. Microsoft seemed tot hink it was a nice idea, and now others seem to be leveraging it. Go figure.

At the simplest level, certain parameters might be passed through in a way that they could be made available to the context in login.vm where they could be used as a pre-populated value for j_username.

Of course, some of us would want to do even crazier things like take those values and pass them on through our SAML proxy to ADFS or Azure AD. While getting them out of the context to do that wouldn't be tricky, appending them as parameters when Shibboleth sends the authn request to ADFS might be interesting. Is there a hook already in place for the SAML proxying that would allow addition of HTTP parameters sent with the request to the upstream IdP?

I'm nowhere near calling this a feature request. Just trying to understand how much it would take to get there. Thanks for humoring me on a Friday.

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Friday, January 21, 2022 2:27 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: login_hint?

Also, since it is not in fact precluded by the binding specifications, adding a feature to capture other named parameters and store them in a context is certainly a plausible feature-add.

Would I personally deploy this? Probably not, because I'd be letting a vendor dictate a proprietary add-on instead of pursuing it through proper standardization. But I'm not forced to deploy it.

-- Scott


-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!DZ3fjg!qRhXy6L6CbvAKYOK7F9YQUguReyqP7AHGw7SKepKDAmF-daaEWhjUWsYP2eDLGoe8A$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net