SOLVED

Skipping the home realm discovery Page

%3CLINGO-SUB%20id%3D%22lingo-sub-27161%22%20slang%3D%22en-US%22%3ESkipping%20the%20home%20realm%20discovery%20Page%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-27161%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3EWe%20have%20custom%20portal%20deployed%20on%20azure%20webapp%20with%20with%20ADAL%20.net%20Authentication.%20Please%20let%20us%20know%20if%20there%20is%20any%20way%20that%20we%20can%20avoid%20the%20O365%20Landing%20Page%20where%20user%20has%20to%20select%20his%20email%20to%20login.%20%26nbsp%3BWe%20need%20a%20seamless%20sso%20without%20even%20prompting%20the%20user%20to%20select%20the%20email.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3ESyed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-29658%22%20slang%3D%22en-US%22%3ERe%3A%20Skipping%20the%20home%20realm%20discovery%20Page%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-29658%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Jasjit.%20This%20worked%20as%20we%20are%20expecting%20!!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-27399%22%20slang%3D%22en-US%22%3ERe%3A%20Skipping%20the%20home%20realm%20discovery%20Page%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-27399%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Syed%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESkipping%20that%20is%20very%20much%20possible.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESee%20this%20article%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fblogs.technet.microsoft.com%2Fenterprisemobility%2F2015%2F02%2F11%2Fusing-azure-ad-to-land-users-on-their-custom-login-page-from-within-your-app%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fblogs.technet.microsoft.com%2Fenterprisemobility%2F2015%2F02%2F11%2Fusing-azure-ad-to-land-users-on-their-custom-login-page-from-within-your-app%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSTRONG%3EHow%20to%20do%20this%3F%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EThe%20implementation%20depends%20on%20the%20protocol%20you%20use%20to%20talk%20to%20Azure%20AD.%3C%2FSPAN%3E%3C%2FP%3E%3CUL%3E%3CLI%3E%3CSPAN%3EFor%20web%20applications%20that%20use%20the%20%3CSTRONG%3EOpen%20ID%20Connect%20protocol%3C%2FSTRONG%3E%2C%20simply%20add%20the%20following%20query%20string%20parameter%20to%20the%20sign-in%20URL%3A%20%3CSPAN%3E%26amp%3Bdomain_hint%3Dcontoso.com%3C%2FSPAN%3E%2C%20where%20contoso.com%20is%20the%20realm%20of%20the%20users%20who%20are%20expecting%20to%20sign%20in.%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3EFor%20web%20applications%20that%20use%20the%20%3CSTRONG%3EWS-Federation%3C%2FSTRONG%3E%20protocol%2C%20use%20%3CSPAN%3E%26amp%3Bwhr%3Dcontoso.com%3C%2FSPAN%3E%20instead.%3C%2FSPAN%3E%3C%2FLI%3E%3CLI%3E%3CSPAN%3EFor%20native%20applications%20built%20with%20our%20ADAL%20libraries%2C%20you%20need%20to%20pass%20the%20domain%20hint%20in%20the%20AquireToken%20construct.%20Check%20out%20%3CA%20href%3D%22http%3A%2F%2Fwww.cloudidentity.com%2Fblog%2F2014%2F11%2F17%2Fskipping-the-home-realm-discovery-page-in-azure-ad%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EVittorio%E2%80%99s%20blog%20post%3C%2FA%3E%20for%20more%20details.%20His%20post%20also%20provides%20guidance%20if%20you%E2%80%99re%20using%20our%20OWIN%20middleware.%3C%2FSPAN%3E%3CSPAN%3E%3CSPAN%3EFor%20web%20applications%20that%20use%20the%20%3CSTRONG%3ESAML%20Protocol%3C%2FSTRONG%3E%2C%20you%20need%20to%20send%20the%20hint%20as%20part%20of%20the%20SAML%20AuthN%20request.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%3ENote%3A%20Seamless%20sign%20in%20without%20having%20to%20enter%20any%20credentials%20at%20all%20wont%20be%20possible%20since%20the%20Auth%20token%20is%20required%20for%20your%20app%20specifically.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%3EHope%20this%20helps.%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%3ERegards%2C%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E%3CSPAN%3EJasjit%3C%2FSPAN%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi All,

We have custom portal deployed on azure webapp with with ADAL .net Authentication. Please let us know if there is any way that we can avoid the O365 Landing Page where user has to select his email to login.  We need a seamless sso without even prompting the user to select the email.

 

Regards,

Syed

2 Replies
best response confirmed by Mudasar Syed (Contributor)
Solution

Hi Syed,

 

Skipping that is very much possible.

 

See this article: https://blogs.technet.microsoft.com/enterprisemobility/2015/02/11/using-azure-ad-to-land-users-on-th...

 

How to do this?

The implementation depends on the protocol you use to talk to Azure AD.

  • For web applications that use the Open ID Connect protocol, simply add the following query string parameter to the sign-in URL: &domain_hint=contoso.com, where contoso.com is the realm of the users who are expecting to sign in.
  • For web applications that use the WS-Federation protocol, use &whr=contoso.com instead.
  • For native applications built with our ADAL libraries, you need to pass the domain hint in the AquireToken construct. Check out Vittorio’s blog post for more details. His post also provides guidance if you’re using our OWIN middleware.For web applications that use the SAML Protocol, you need to send the hint as part of the SAML AuthN request.

 

Note: Seamless sign in without having to enter any credentials at all wont be possible since the Auth token is required for your app specifically.

 

Hope this helps.

 

Regards,

Jasjit

Thanks Jasjit. This worked as we are expecting !!!