diff --git a/controllers/saml.go b/controllers/saml.go
index 070bc2f8..325a165f 100644
--- a/controllers/saml.go
+++ b/controllers/saml.go
@@ -59,8 +59,10 @@ func (c *ApiController) HandleSamlRedirect() {
 relayState := c.Input().Get("RelayState")
 samlRequest := c.Input().Get("SAMLRequest")
+ username := c.Input().Get("username")
+ loginHint := c.Input().Get("login_hint")
- targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host)
+ targetURL := object.GetSamlRedirectAddress(owner, application, relayState, samlRequest, host, username, loginHint)
 c.Redirect(targetURL, http.StatusSeeOther)
 }
diff --git a/object/saml_idp.go b/object/saml_idp.go
index d5055e87..01ffa760 100644
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -26,6 +26,7 @@ import (
 "errors"
 "fmt"
 "io"
+ "net/url"
 "strings"
 "time"
@@ -547,7 +548,14 @@ func NewSamlResponse11(application *Application, user *User, requestID string, h
 return samlResponse, nil
 }
-func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string) string {
+func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string, username string, loginHint string) string {
 originF, _ := getOriginFromHost(host)
- return fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
+ baseURL := fmt.Sprintf("%s/login/saml/authorize/%s/%s?relayState=%s&samlRequest=%s", originF, owner, application, relayState, samlRequest)
+ if username != "" {
+ baseURL += fmt.Sprintf("&username=%s", url.QueryEscape(username))
+ }
+ if loginHint != "" {
+ baseURL += fmt.Sprintf("&login_hint=%s", url.QueryEscape(loginHint))
+ }
+ return baseURL
 }
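Review bot: `username` and `login_hint` are read straight from the request query in HandleSamlRedirect and forwarded into the redirect with no length or character check, and nothing in the hunk says which of the two takes precedence when both are present. Both values are caller-controlled, so the login page should use them only to pre-fill the form and never as evidence of who is signing in. A comment above the two reads would record that, e.g. `// username and login_hint are untrusted pre-fill hints from the request; never treat them as an authenticated identity`. The function starts above the hunk, so any earlier validation of `owner`, `application` and `host` is not visible here.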
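Review bot: The rewritten `baseURL := fmt.Sprintf(...)` line in GetSamlRedirectAddress still interpolates `relayState`, `samlRequest`, `owner` and `application` unescaped, while only the two new parameters go through `url.QueryEscape`. The controller hunk reads `relayState` and `samlRequest` with `c.Input().Get`, which presumably returns them already URL-decoded, so a `&`, `#` or `+` inside them changes the query the login page will parse. A base64 `SAMLRequest` containing `+` is likely to be corrupted, and a `RelayState` containing `&username=` would place a second `username` parameter ahead of the escaped one. Building the whole query with `url.Values` and path-escaping the two path segments removes that ambiguity. This assumes the login page reads its parameters with a standard query parser, which should be confirmed.

```go
func GetSamlRedirectAddress(owner string, application string, relayState string, samlRequest string, host string, username string, loginHint string) string {
	// … unchanged: originF lookup via getOriginFromHost …
	query := url.Values{}
	query.Set("relayState", relayState)
	query.Set("samlRequest", samlRequest)
	if username != "" {
		query.Set("username", username)
	}
	if loginHint != "" {
		query.Set("login_hint", loginHint)
	}
	return fmt.Sprintf("%s/login/saml/authorize/%s/%s?%s",
		originF, url.PathEscape(owner), url.PathEscape(application), query.Encode())
}
```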