I am using ITfoxtec.Identity.Saml2.Mvc version 4.7.1, .NET Framework version 4.7.2, and Duo Security for my IdP.

I've already tried this solution. When I use this example, it returns a Saml2AuthnResponse with a status of Responder.

I have also tried adding Format to the NameID as shown below. I have confirmed that the format matches the setting in Duo Security.

    var config = new Saml2AuthnRequest(IdentityConfig.Saml2Configuration)
    {
        Subject = new Subject { NameID = new NameID { ID = form.EmailAddress,
            Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" } }
    };

And tried adding it this way:

     var config = new Saml2AuthnRequest(IdentityConfig.Saml2Configuration)
          {
               NameId = new Saml2NameIdentifier(form.EmailAddress),
          };

Which does return a success status, but it then redirects to a page to enter the email address. I want it to go straight to the password input page.

There is 1 best solution below

Your code looks correct:

    new Saml2AuthnRequest(IdentityConfig.Saml2Configuration)
    {
        Subject = new Subject
        {
            NameID = new NameID
            {
                ID = form.EmailAddress,
                Format = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
            }
        }
    };

You are getting the Responder status from Duo Security, which means they have experienced an error. I think you need to ask Duo Security what error they are experiencing and what they support.
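
A SAML response with a top-level `Responder` status can also carry a nested second-level status code and a `StatusMessage`, which are the details worth having before contacting the IdP. The following is an added example, not part of the original answer and not ITfoxtec code: it reads those fields from the base64 `SAMLResponse` form value of an HTTP-POST binding using only `System.Xml.Linq`. The class name `SamlStatusReader` and the sample response are assumptions constructed for illustration.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;
using System.Xml.Linq;

static class SamlStatusReader
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";

    // Diagnostic only: reads status fields, does not validate the signature.
    public static (string Top, string Sub, string Message) Read(string samlResponseBase64)
    {
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseBase64));
        // Prohibit DTDs so an untrusted response cannot trigger entity expansion.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            XElement status = XDocument.Load(reader).Root?.Element(Samlp + "Status");
            XElement top = status?.Element(Samlp + "StatusCode");
            XElement sub = top?.Element(Samlp + "StatusCode"); // nested, optional
            return ((string)top?.Attribute("Value"),
                    (string)sub?.Attribute("Value"),
                    (string)status?.Element(Samlp + "StatusMessage"));
        }
    }

    static void Main()
    {
        // Constructed sample response; the sub-status and message are illustrative,
        // not what Duo Security actually returns.
        const string sample =
            "<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'>" +
            "<samlp:Status>" +
            "<samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:Responder'>" +
            "<samlp:StatusCode Value='urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy'/>" +
            "</samlp:StatusCode>" +
            "<samlp:StatusMessage>constructed example message</samlp:StatusMessage>" +
            "</samlp:Status></samlp:Response>";
        string posted = Convert.ToBase64String(Encoding.UTF8.GetBytes(sample));

        var s = Read(posted);
        Console.WriteLine("Top-level status: " + s.Top);
        Console.WriteLine("Second-level status: " + (s.Sub ?? "(none)"));
        Console.WriteLine("StatusMessage: " + (s.Message ?? "(none)"));
    }
}
```

Use the output for troubleshooting logs only; authentication decisions should still come from the response after the library has validated its signature.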