SAML SSO: Avoid the "Pick an account" dialog

We're using the ITfoxtec Identity SAML 2.0 library version 4.8.8 with a .Net Core product, have implemented SSO successfully with Azure AD as the idP, and would like to avoid the "Pick an account" dialog. We have a custom login page that asks for the identity's email address and want to supply that value as the only valid identity to authenticate with.

We cannot use the Subject property of a Saml2AuthnRequest because AAD doesn't support it (https://learn.microsoft.com/en-us/entra/identity-platform/single-sign-on-saml-protocol#authnrequest), and cannot find how to supply a login_hint. Any help is appreciated.

Solution

As of my knowledge Azure AD only support login_hint in OpenID Connect and do not support anything similar in SAML 2.0.

Similar functionality in SAML 2.0 is to add an NameID with the email format in the subject element. The functionality is supported by FoxIDs but not supported by Azure AD.

Require NSIS High in Authn Request
Tracing a call to a controller in .NET
AADSTS900235: SAML authentication request's RequestedAuthenticationContext Comparison value must be 'exact'. Received value: 'Minimum'
Why can't I get my ASP.NET web app to work with IT FoxTec SAML?
How can I watch a package called ITFoxTec and figure out how it's being called?
ITfoxtec.Identity.Saml2 library - is there a way to ignore invalid SAML signatures?
ITfoxtec.Identity.Saml2 Saml2LogoutRequest - NameQualifier and SPNameQualifier come up empty
ITfoxtec.Identity.Saml2 library hanging when fetching IdP metadata
Using multiple Id providers with ITfoxtec Identity SAML 2 library
SAML SSO: Avoid the "Pick an account" dialog
"A certificate chain could not be built to a trusted root authority." after upgrade to .NET 8
Metadata generation to include Organization details
itfoxtec-identity-saml2 Assertion Consumer Service Exception
Use ITfoxtec.Identity.Saml2 to login user
Is there a sample using ITfoxtec.Identity.Saml2 that implements integration with NemLog-in with logging and back-channel single logout?
Parsing Same Key Multi Value SAML2 claims using ITfoxtec.Identity.Saml2
What is required for Single Log Out with Okta using ITFoxtec.Identity.Saml2?
ArtifactResolve signed twice
Not HTTP POST Method in SingleLogOut Request
Can ITfoxtec SAML2 supprot multiple IdPs?
ITfoxtec SAML 4.8.8: Completely ignore validation of AuthnContext
AuthnRequest not being signed
There is no NameId in User Claims for performing Single Logout
ITfoxtec SAML 2.0 - Single Logout
SP Tried to perform SingleLogout received an error "HTTP Form does not contain SAMLRequest"
Is there a way to force my SAML service provider WebApp to use HTTP-POST instead of a Redirect?
Unable to use a crt certificate with itfoxtec saml2
ITfoxtec No RSA Private Key present in Signing Certificate
How do I figure out what my SAML error is being caused by?
How do I translate a .Net Core Startup.cs class to the new .NET Program.cs class?