Set <saml:Subject> on AuthnRequest

[suchitagarwal]

In my flow, a user first enters their email on my website, and then, if they are eligible to use SSO, are redirected to the IdP. However, the user has to re-enter their email on the IdP if they are not logged in. I know that AuthnRequest has a field <saml:Subject> that can be used to give the IdP a hint on what email id to use, but I couldn’t find a way to set it on the request using passport-saml. Am I missing something or is this not supported yet?

[markstos]

No one is monitoring the issue queue for questions. Try the power of grep to search the source code for AuthnRequest and Subject to see what you find. If this is a spec-compliant feature that we don't implement yet, a PR is welcome.

[rubicola]

I also wanted this functionality for a multisaml strategy where users enter their email address on my website and then are redirected to a IdP if they are identified as a saml user.

Assuming that your IdP allows for login hints, I was able to pass the email to the Idp to auto-populate the username field, by setting a login hint here:

yield passport.authenticate(
		'saml',
		{
			additionalParams: {
				login_hint: username
			},
		},

where username is the email. I found that it worked for my IdP only if the email address was an existing user in the idp.