autofill username when it's hinted by the SP in a request parameter (MS Entra ID)

tvdijen · tvdijen · commit 180aba803486 · 2024-04-26T10:09:56.000+02:00
diff --git a/modules/saml/src/IdP/SAML2.php b/modules/saml/src/IdP/SAML2.php
@@ -345,6 +345,7 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
         }
 
         $authnRequestSigned = false;
+        $username = null;
 
         if ($request->query->has('spentityid') || $request->query->has('providerId')) {
             /* IdP initiated authentication. */
@@ -418,6 +419,8 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
                 );
             }
 
+            $username = $request->get('username', null);
+
             $issuer = $request->getIssuer();
             if ($issuer === null) {
                 throw new Error\BadRequest(
@@ -529,6 +532,7 @@ public static function receiveAuthnRequest(Request $request, IdP $idp): Response
             Auth\State::RESTART => $sessionLostURL,
 
             'SPMetadata'                  => $spMetadata->toArray(),
+            'core:username'               => $username,
             'saml:RelayState'             => $relayState,
             'saml:RequestId'              => $requestId,
             'saml:IDPList'                => $IDPList,
diff --git a/tests/modules/saml/src/IdP/SAML2Test.php b/tests/modules/saml/src/IdP/SAML2Test.php
@@ -48,7 +48,8 @@ class SAML2Test extends ClearStateTestCase
         'saml:NameIDFormat' => null,
         'saml:AllowCreate' => true,
         'saml:Extensions' => null,
-        'saml:RequestedAuthnContext' => null
+        'saml:RequestedAuthnContext' => null,
+        'core:username' => null,
     ];
 
 
