I'm having trouble understanding how the Principal information is sent in the authentication request to the IDP (e.g. Azure AD) during the SSO authentication process.
I checked the AuthnRequest example shown in this Azure AD article, but it doesn't contain any information about the user that needs to be authenticated:
- We can perform single sign-on configuration settings where we give redirect URLs and upload the SAML certificate.
- SAML tokens contain information about the user known as claims. A claim is information that an identity provider states about a user inside the token they issue for that user. In a SAML token, this data is presented in the SAML Attribute Statement.
- By default, the Microsoft identity platform issues a SAML token to your app that contains a NameIdentifier claim having the value of the username (user principal name) in Azure AD, which can uniquely identify the user. The SAML token can also contain additional claims like the user's email address, first name, and last name, which can be configured in the Attributes and claims section and are included in the token. We can edit this section according to the claims required for the application about the user principal.
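To make the answer concrete, here is an added example (not from the original post or from Microsoft) that parses a hand-built SAML Response and pulls out the NameID and the claims carried in the AttributeStatement, which is where the principal information actually travels; the tenant ID, user and group values are constructed placeholders.

```python
# Added example: extract the principal (NameID) and claims from a SAML Response.
# The XML below is a constructed sample, not a real Azure AD token.
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespace URIs used for element lookups.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed, unsigned sample response (placeholder tenant/user values).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Alice</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <saml:AttributeValue>grp-1</saml:AttributeValue>
        <saml:AttributeValue>grp-2</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_principal(response_xml: str) -> dict:
    """Return the NameID (with its Format) and a claim-name -> values map.

    Signature validation is out of scope for this parsing demo; a real
    service provider must verify the assertion signature before trusting
    any of these values.
    """
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("response carries no Assertion")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    claims = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        claims[attr.get("Name")] = values  # multi-valued claims keep every value
    return {
        "name_id": name_id.text if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        "claims": claims,
    }


if __name__ == "__main__":
    print(extract_principal(SAMPLE_RESPONSE))
```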