I use SimpleSAML to allow users to authenticate into my application using Microsoft or Google accounts. Most clients use Microsoft, so the SAML SingleSignOnService URL binding becomes something like:

https://login.microsoftonline.com/ClientID/[email protected]'

Microsoft accepts the login_hint variable, allowing the email address to be entered within my own login page, before forwarding to the Microsoft authentication page as appropriate. Doing this means users head straight to the password box and do not need to re-enter their email.

I am trying to achieve the same with Google. There is documentation around the login_hint parameter working as part of the OAuth login process, but I am struggling to find this for SAML. Trying the URL below, similar to the one that works for Office 365, throws an error that the URL doesn't match the URL expected:

https://accounts.google.com/o/saml2/idp?idpid=ClientID&[email protected]

The exact error displayed is then "Error parsing the request, SAML message intended destination endpoint did not match recipient endpoint".

Anyone have any bright ideas of how to make this work? Sticking with SAML is a must.

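A diagnostic for the error quoted in the question, added here as an example and not part of the original post: it decodes the `SAMLRequest` of an HTTP-Redirect binding URL and compares the AuthnRequest's `Destination` attribute with the SSO location the IdP publishes. It assumes the SP copies its configured SingleSignOnService URL into `Destination`; `IDPID`, `user@example.com` and the function names are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, quote
from xml.sax.saxutils import quoteattr

# Constructed placeholder for the SSO location published in the IdP metadata.
IDP_SSO = "https://accounts.google.com/o/saml2/idp?idpid=IDPID"

def build_redirect(configured_sso_url):
    """Simulate an SP: Destination is copied from the configured SSO URL (assumption)."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
           f'Destination={quoteattr(configured_sso_url)}/>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    packed = deflater.compress(xml.encode()) + deflater.flush()
    sep = "&" if "?" in configured_sso_url else "?"
    return (configured_sso_url + sep + "SAMLRequest="
            + quote(base64.b64encode(packed).decode(), safe=""))

def destination_of(redirect_url):
    """Extract Destination from the SAMLRequest carried in a redirect URL."""
    params = parse_qs(urlsplit(redirect_url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    # Only run this on requests your own SP produced; use defusedxml for untrusted XML.
    return ET.fromstring(raw).get("Destination")

def check(redirect_url, published_location=IDP_SSO):
    """Return (Destination, matches_published_location)."""
    dest = destination_of(redirect_url)
    return dest, dest == published_location

if __name__ == "__main__":
    plain = build_redirect(IDP_SSO)
    hinted = build_redirect(IDP_SSO + "&login_hint=user%40example.com")
    for label, url in (("plain", plain), ("hint in configured URL", hinted)):
        dest, ok = check(url)
        print(f"{label}: Destination={dest!r} matches published={ok}")
```

Running the same check on the redirect captured from the real SP (browser network tab or proxy log) shows which `Destination` value is actually being sent.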