Is it possible to provide a hint of the user to authenticate (subject / nameId) to the IDP?

[jcaron23]

Hi,

In a scenario of mixed accounts (some local, some from SAML, or with accounts authenticated ), it is often desirable to have a two-step login: first ask for e-mail/username, then decide whether the user is local (ask for password) or should be authenticated via SAML.

In this last case, user sometimes needs to type his e-mail/username again. Is it possible to send a username to the IDP? The Subject element of AuthNRequest seems to be the way to go, but I don't see anyway to provide this info down the chain to the AuthNRequest constructor. Did I miss something?

Thanks!