Open oakmegaeddie opened 1 year ago
you can just have the email attribute in your SP metadata as isRequired=True, then your ACS will receive this
otherwise the subject name id instead of transient or persistent could be set to email, but I suggest to you the first solution because is more flexible with different idp configurations, since not all the idp supports the email as subject id
Hi, I am looking to implement SSO login using djangosaml2.
The login process is as follows:
I need to verify whether the email that the user inputted (in step 1) is the same as the email in the SAML response (in step 4). Is it possible to include the email in the SAML request (in step 2) and retrieve it in the ACS (in step 5)?