Send UPN prefilled from ADC (SAML SP) to Azure AD (SAML IdP)

Stephane Thirion 0 Reputation points
2023-03-02T21:50:50+00:00

Hi

Question about Azure AD authentication after going through a AAA OAuth on a Citrix Netscaler, authentication is ok but when redirected to the AzureAD tenant the UPN need to be written again by the user. Is there anyway to send this information through ?

regards,

Stephane

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,297 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Sandeep G-MSFT 14,071 Reputation points Microsoft Employee
    2023-03-06T16:08:47.74+00:00

    @Stephane Thirion

    Usually when user tries to login to application, applicaiton sends the request to Azure AD for authentication. Here if application collects the user's UPN and then application is redirecting this information to Azure AD for authentication then the UPN of user will be autopopulated.

    If application has not collected any user's information and just redirects to Azure AD for authentication then user has to provide UPN again to the Azure AD authentication endpoint.

    It is application or client responsibility to share the user's UPN with Azure AD when request get's redirected to Azure AD.

    Below is the authentication flow that Azure AD as IDP uses,

    When a user tries to access a protected application, the SP evaluates the client request. If the client is unauthenticated, the SP redirects the request to the SAML Identity Provider (IdP). The SP also validates SAML assertions that are received from the IdP.

    The IdP receives requests from the SAML SP and redirects users to a logon page, where they must enter their credentials (Here if client has already passed the user information to Azure AD IDP, then user is not asked for UPN again). The IdP authenticates these credentials with the user directory and then generates a SAML assertion that is sent to the SP. The SP validates the token, and the user is then granted access to the requested protected application.

    Let me know if you have any further questions on this.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments No comments