By: Maniganda Prakash Kannan Account Admin 14 Nov 2018 at 6:31 p.m. CST

2 Responses
#### <u>Gone through following links:</u>

https://gluu.org/docs/ce/3.1.4/authn-guide/passport/#preselecting-an-external-provider
https://gluu.org/docs/ce/3.1.4/authn-guide/inbound-saml-passport/#altering-flow-behaviour

#### <u>What I understood?</u>

Below request needs to be triggered, which has the `preselectedExternalProvider` param, after adding it in the oxauth config and custom script config as explained in the link https://gluu.org/docs/ce/3.1.4/authn-guide/passport/#preselecting-an-external-provider

```
https://<domain-name>/oxauth/authorize.htm?response_type=code+...&client_id=...
&scope=openid+...&redirect_uri=...&state=...
&acr_values=passport_social
&preselectedExternalProvider=<base64-url-encoded-provider-object>
```

#### <u>Questions:</u>

1. My web application collects the user email id for some validation, generates a SAML request (AuthnRequest) and redirects to Gluu. Based on the email id collected I know the IDP name as in passport-saml-config.json, so where do I add `preselectedExternalProvider`? I tried with a query param as shown, but the selection page is still displayed.

   `https://<mygluu>.com/idp/profile/SAML2/Redirect/SSO?SAMLRequest=abc...&preselectedExternalProvider=<base64-url-encoded-provider-object>`

   As per the passport_saml jython code, if the below paramValue is null then the selection page will be displayed. How do I pass the <u>preselectedExternalProvider</u> param as part of the SAML request?

   `paramValue = sessionAttributes.get(providerParam)`

2. Or instead of a SAML request, the SP just needs to generate the below URL and redirect the browser to that?

```
https://<domain-name>/oxauth/authorize.htm?response_type=code+...&client_id=...
&scope=openid+...&redirect_uri=...&state=...
&acr_values=passport_social
&preselectedExternalProvider=<base64-url-encoded-provider-object>
```

By Jose Gonzalez staff 15 Nov 2018 at 9 a.m. CST

Hi Maniganda,

IDP preselection is meant to be triggered by an OpenID authorization request, so your last statement is the way to go:

> Or Instead of SAML request, the SP just needs to generate the below URL and redirect the browser to that?

However, take into account that you must use `acr=passport_saml`.
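
The flow discussed in this thread, as an added example that is not part of the original posts and is not Gluu's own code: the SP maps the collected email domain to an allowlisted IDP name, encodes the provider object, and builds the OpenID authorization URL with `acr_values=passport_saml`. Assumptions: the provider object is the JSON `{"provider": "<idp-name>"}` (confirm against the linked Gluu docs for your version), and the host, client id, redirect URI and domain-to-IDP mapping are constructed placeholders.

```python
import base64
import json
import secrets
from urllib.parse import urlencode

# Constructed sample: e-mail domain -> IDP name as it appears in
# passport-saml-config.json. Only names listed here can be preselected.
IDP_BY_EMAIL_DOMAIN = {
    "partner-a.example": "idp_partner_a",
    "partner-b.example": "idp_partner_b",
}


def encode_provider(provider_id):
    """Base64url-encode the provider object (assumed shape: {"provider": id})."""
    raw = json.dumps({"provider": provider_id}, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()


def decode_provider(value):
    """Inverse of encode_provider; tolerates stripped '=' padding."""
    padded = value + "=" * (-len(value) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))["provider"]


def build_authorize_url(gluu_host, client_id, redirect_uri, email):
    """Return (url, state). Raises ValueError for an unmapped e-mail domain."""
    domain = email.rsplit("@", 1)[-1].lower()
    provider_id = IDP_BY_EMAIL_DOMAIN.get(domain)
    if provider_id is None:
        # Never pass user-supplied text straight into the provider object.
        raise ValueError("no IDP configured for domain %r" % domain)
    state = secrets.token_urlsafe(24)  # store in the session, check on callback
    params = {
        "response_type": "code",
        "client_id": client_id,
        "scope": "openid",
        "redirect_uri": redirect_uri,
        "state": state,
        "acr_values": "passport_saml",  # per the staff reply, not passport_social
        "preselectedExternalProvider": encode_provider(provider_id),
    }
    return "https://%s/oxauth/authorize.htm?%s" % (gluu_host, urlencode(params)), state


if __name__ == "__main__":
    url, _ = build_authorize_url("gluu.example.com", "PLACEHOLDER_CLIENT_ID",
                                 "https://sp.example.com/callback", "alice@partner-a.example")
    print(url)
```
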

By Maniganda Prakash Kannan Account Admin 18 Nov 2018 at 6:01 p.m. CST

Ok, thanks.