Bypass redirection to AzureAD login page when using SSO from SP side


We are using Azure as the IdP for our app.
Using Python + SAML2 (package is onelogin_saml2).

Each time a user authenticates via our app to Azure, they are redirected to the Azure login page to re-enter their password, even though the user is already logged in to Azure.
We were able to pre-fill the email on the Azure login page using login_hint as a URL parameter, but we have had no success with bypassing the login page.

We have tried adding domain_hint (result: no change, still redirected to the login page),
using the is_passive argument (resulting in "InteractionRequiredAuthError: AADSTS50058: A silent sign-in request was sent but no user is signed in"; this happens both in incognito mode and regular mode),
and setting HomeRealmDiscoveryPolicy, all three options mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-authentication-for-fed... (result: no change).
We also found a suggestion to use ssoSilent (https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-sso#automatically-select-acc... ), but it looks like it is only supported with JS, and we need a pythonic solution.

As an example, we are also using another IdP, and in that case we could simply change the application setting on the IdP side to "silent login", which solved the problem of re-asking for the password.

Is there a solution on the Azure website, or some pythonic solution using the onelogin_saml2 package, to achieve this?

Thanks.
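For readers landing here with the same symptom: the behaviour described in the post is the SAML protocol working as designed. A request with IsPassive="true" asks the IdP not to interact with the user; when the IdP has no session for that browser it answers with a NoPassive status (which is what the AADSTS50058 message reports) rather than showing a login page, and the SP is expected to fall back to an ordinary interactive AuthnRequest. The example below is added here and is not from the original post or from the onelogin_saml2 project; it uses only the standard library to show what a passive AuthnRequest looks like on the wire (the same thing the package's login() call with is_passive produces), how login_hint and domain_hint ride along as query parameters on the redirect, and how to classify the IdP's response so that "no session" is handled as a fallback instead of an error. The entity IDs, URLs and tenant value are placeholders, and the SAML Response used to exercise the classifier is constructed for the example.

```python
"""Added example, not code from the original post or from onelogin_saml2.

Builds a SAML 2.0 AuthnRequest with IsPassive="true", encodes it for the
HTTP-Redirect binding, attaches login_hint/domain_hint, and classifies the
IdP's response status so a NoPassive answer ("no user is signed in", which is
what AADSTS50058 reports) can trigger an interactive retry instead of failing.
All entity IDs, URLs and the tenant value are placeholders.
"""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def build_authn_request(sp_entity_id, acs_url, idp_sso_url, is_passive=True,
                        request_id=None, issue_instant=None):
    """Return (request_id, xml). IsPassive asks the IdP not to show a login UI;
    ForceAuthn stays false so an existing IdP session is reused."""
    rid = request_id or "_" + uuid.uuid4().hex
    instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{rid}" Version="2.0" IssueInstant="{instant}" '
        f'Destination="{idp_sso_url}" ProtocolBinding="{POST_BINDING}" '
        f'AssertionConsumerServiceURL="{acs_url}" '
        f'IsPassive="{"true" if is_passive else "false"}" ForceAuthn="false">'
        f'<saml:Issuer>{sp_entity_id}</saml:Issuer>'
        f'</samlp:AuthnRequest>'
    )
    return rid, xml


def redirect_url(idp_sso_url, authn_request_xml, relay_state=None,
                 login_hint=None, domain_hint=None):
    """HTTP-Redirect binding: raw DEFLATE, base64, then URL-encode.
    login_hint/domain_hint are plain query parameters beside SAMLRequest
    (assumption: that is how the post attached them)."""
    raw_deflate = zlib.compress(authn_request_xml.encode("utf-8"), 9)[2:-4]  # strip zlib header/checksum
    params = {"SAMLRequest": base64.b64encode(raw_deflate).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    if login_hint:
        params["login_hint"] = login_hint
    if domain_hint:
        params["domain_hint"] = domain_hint
    return f"{idp_sso_url}?{urlencode(params)}"


def decode_saml_request(url):
    """Inverse of redirect_url, useful when checking what actually left the SP."""
    qs = parse_qs(urlparse(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")  # -15: raw DEFLATE, no header


def classify_response(saml_response_xml):
    """'success', 'no_session' (NoPassive: retry with is_passive=False) or 'error'."""
    root = ET.fromstring(saml_response_xml)
    codes = [c.get("Value") for c in root.iter(f"{{{SAMLP}}}StatusCode")]
    if codes and codes[0] == STATUS_SUCCESS:
        return "success"
    if STATUS_NO_PASSIVE in codes:
        return "no_session"
    return "error"


# Constructed sample: the shape of an IdP answer to a passive request with no session.
SAMPLE_NO_PASSIVE_RESPONSE = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_resp1" Version="2.0" '
    f'IssueInstant="2024-01-01T00:00:00Z" InResponseTo="_req1">'
    f'<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
    f'<samlp:StatusCode Value="{STATUS_NO_PASSIVE}"/></samlp:StatusCode></samlp:Status>'
    f'</samlp:Response>'
)

if __name__ == "__main__":
    idp = "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"  # placeholder tenant
    rid, req = build_authn_request("https://sp.example.test/metadata",
                                   "https://sp.example.test/acs", idp)
    url = redirect_url(idp, req, login_hint="user@example.test", domain_hint="example.test")
    print(url)
    print(classify_response(SAMPLE_NO_PASSIVE_RESPONSE))  # -> no_session: retry interactively
```

The practical flow this supports: send the passive request first, and if the ACS receives NoPassive, issue a second AuthnRequest with is_passive=False. That gives the silent sign-on when an IdP session exists and a normal login page otherwise, without the silent attempt surfacing to the user as an exception.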

0 Replies