Can I provide the username to use in a SAML request? (AD FS)

Question

When initiating a SAML authentication request (from the Service Provider), is there any way to give the Identity Provider a hint as to which username to use? In my application I know which user it wants to authenticate (based on a unique link the user clicked in an e-mail), and I'd like that username to be prefilled in the IdP's username box.

Using SAML 2.0 with Active Directory Federation Services (AD FS) 2.1.

Answer 1

Yes, you can use the optional <saml:Subject> field in the AuthnRequest message sent from the SP to the Idp to request a specific subject from the Idp. See section 3.4.1 in the SAML2 spec.

I have no idea if ADFS respects that field though.