Accept a configurable login hint when acting as SAML v2 IdP #2222

@andrewpai

Problem

When FusionAuth is acting as a SAML v2 identity provider, it can accept a login_hint or a loginId parameter from the SAML service provider to pre-populate the username field of the login form. SAML doesn't define a standard parameter name for this, and there are systems that, when acting as a service provider, pass this login hint under a different parameter name. In these cases, FusionAuth isn't able to identify the login hint and use it in the username field.

Solution

  • Add a field to the Application SAML configuration, which names the parameter that will carry the login hint on a SAML authn request
  • If configured, accept a parameter of the provided name on a SAML authn request, and treat it as we do login_hint

Alternatives/workarounds

Request your SAML SP send the login hint as loginId or login_hint.

Related

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

Documentation

  • Application API
  • Application UI walk through in core concepts
  • Review any other SAML v2 doc we have to see if we mention this, or if we should.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
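A sketch of the lookup proposed under Solution, written from the receiving side; it is an added example, not FusionAuth code and not part of the original issue. The function names, the 256-character cap, the precedence (configured name first, then `login_hint`, then `loginId`) and the sample URLs are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Query parameters defined by the SAML HTTP-Redirect binding. A configured hint
# name must not shadow them.
RESERVED = {"samlrequest", "samlresponse", "relaystate", "sigalg", "signature", "samlencoding"}
DEFAULT_HINT_PARAMS = ("login_hint", "loginId")  # names the issue says are already accepted
MAX_HINT_LEN = 256  # assumed limit for a username field


def validate_hint_param_name(name):
    """Reject configured names that are malformed or collide with binding parameters."""
    plain = (name or "").replace("_", "").replace("-", "")
    if not plain.isalnum() or name.lower() in RESERVED:
        raise ValueError(f"unusable login hint parameter name: {name!r}")
    return name


def resolve_login_hint(authn_request_url, configured_param=None):
    """Return the value to pre-fill in the username field, or None.

    In the HTTP-Redirect binding the signature covers only SAMLRequest,
    RelayState and SigAlg, so the hint is unsigned input: use it to pre-fill
    the form (output-encoded), never to make an authentication decision.
    """
    names = list(DEFAULT_HINT_PARAMS)
    if configured_param:
        names.insert(0, validate_hint_param_name(configured_param))  # assumed precedence
    query = parse_qs(urlsplit(authn_request_url).query)
    for name in names:
        values = query.get(name, [])
        if len(values) != 1:
            continue  # absent, or repeated and therefore ambiguous
        hint = values[0].strip()
        if 0 < len(hint) <= MAX_HINT_LEN and hint.isprintable():
            return hint
    return None


# Constructed sample request: the SP sends the hint as "username".
SAMPLE = ("https://idp.example.test/saml/login?SAMLRequest=PLACEHOLDER"
          "&RelayState=xyz&username=richard%40example.com")

if __name__ == "__main__":
    print(resolve_login_hint(SAMPLE))              # not recognised without configuration
    print(resolve_login_hint(SAMPLE, "username"))  # recognised once the name is configured
```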

Labels

enhancement: New feature or request
