* Mark <drabb...@gmail.com> [2017-11-17 16:53]:
> However, when the user enters their email address in our app's
> sign-in page

FWIW, NISO recommends a different approach, cf.
https://discovery.refeds.org/

> and we redirect them to ADFS, I would like to have that same email
> address pre-populated in the ADFS sign-on page. I have seen this
> working with other applications like Office365 and the user's email
> was passed as a GET parameter in the URL. How can this be
> configured in simplesamlphp?

If the SP is SimpleSAMLphp and the protocol to use between the SP and
the IDP is SAML 2.0 then it's not allowed by the spec to pass
arbitrary parameters with the SAML 2.0 authentication request, AFAIR.
(If the spec isn't clear you can ask for guidance on the saml-dev list
provided by OASIS.)

The only spec-legal way to send "other stuff" is by creating an
extension within the SAML authentication request and of course
modifying the RP (here the ADFS IDP, so good luck with that) to pull
the data out of the extension.

-peter
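
The extension mechanism described in the reply above, as an added example that is not part of the original message and is not SimpleSAMLphp or ADFS code: an AuthnRequest carrying the e-mail inside `samlp:Extensions`, and the receiving side pulling it out and validating it as untrusted input. The `urn:example:login-hint` namespace, the `LoginHint` element and the function names are hypothetical.

```python
import re
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
HINT_NS = "urn:example:login-hint"  # hypothetical extension namespace (assumption)
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)
ET.register_namespace("hint", HINT_NS)

# The hint only pre-fills a form field, so accept a conservative shape and drop the rest.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,63}")


def build_authn_request(sp_entity_id, idp_sso_url, email):
    """SP side: AuthnRequest with the e-mail carried inside samlp:Extensions."""
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_sso_url,
    })
    # Schema order for a request: Issuer first, then Extensions.
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    ext = ET.SubElement(req, f"{{{SAMLP}}}Extensions")
    ET.SubElement(ext, f"{{{HINT_NS}}}LoginHint").text = email
    return ET.tostring(req, encoding="unicode")


def extract_login_hint(authn_request_xml):
    """IdP side: return the hint if present and well-formed, else None.

    The request may be unsigned, so the value is attacker-controllable: use it
    only to pre-fill the username field, never as proof of identity.
    A production parser should be hardened (for example defusedxml).
    """
    root = ET.fromstring(authn_request_xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        return None
    node = root.find(f"{{{SAMLP}}}Extensions/{{{HINT_NS}}}LoginHint")
    if node is None or not node.text:
        return None
    value = node.text.strip()
    return value if EMAIL_RE.fullmatch(value) else None
```

An IdP that does not know the extension's namespace will ignore the element, which is why the receiving side has to be modified as the reply says.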