How to customize AuthnRequest by scripting

Scenario: Any Service Provider -> Identify -> SAML 2.0 Identify Provider
In this login flow, Identify needs to send an AuthnRequest to an Identify Provider. The purpose of this task is to allow a customer to easily customize the AuthnRequest object right after it is created. You can view this as a PostAuthnRequestCreated event.

In this demonstration, we will use ADFS as Identity Provider


The AuthnRequest object that is highlighted above is the target we need to customize by scripting. Assume that we already set up a SAML 2.0 Protocol Connection for Service Provider and a SAML SignOn Authentication for ADFS in Identify Web Administration—Connections.

Click on ADFS Local to open the edit connection page, and then scroll to the bottom.



There is an AuthnRequest object customization text box that we can input our customization script to modify the AuthnRequest object right after it is sent to  Identity Provider. At first, let this text box empty and perform a SignOn action:


and then capture the SAMLRequest parameter and decode it.


Now let's go back to edit the ADFS Local connection and adjust the AssertionConsumerServiceIndex property.



Save & Close and make a SignOn action again like below:


and see what is sent to ADFS Local. As what you see, the AuthnRequest has one more attribute, AssertionConsumerServiceIndex, and its value is 1.


Try to adjust the ProtocolBinding property.


And this is the result:


Available AuthnRequest properties that could be customized are as follows: