MongolianNoseFlute
asked on
AD FS: change default trust or bypass completely
Hi, We have set AD FS and SAML authentication for a few applications, not sure how correctly but it seems to be working. My first question is:
1.) We have 3 different Relying Party Trusts. When we log onto the first link, we are presented with all 3 trusts. How do I change the order that the trusts are presented? The hope here is that they can just click "go" rather than select the drop down.
2.) Even better would be to pass this selection list entirely. Currently users have to log on twice - the purpose of setting up AD FS was for SSO, so this is not ideal. If we select the link associated with the correct Relying Party Trust I would expect it not to display the other 2 Trusts and go directly to the correct site.
I really hope I am explaining this ok. I will attach screenshots to help.
You are using the IdP-initiated URL. Don't you have an SP URL? I can give you a very easy solution for your issue. If you are still monitoring this question, reply back, as I need some more info.
ASKER
Hi - yes, I am still looking for a resolution.
ASKER
We are using IdP-initiated mode.
Test this for your Replicon SSO. Let me know the result.
https://svm1415140115.mosaic.local/adfs/ls/idpinitiatedsignon.aspx?loginToRp=Replicon
Your identifier is very long. Can you change it to Replicon, or add Replicon, and then use the above URL? You will be logged into the app directly and will not be asked to select from the drop down.
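The identifier change and direct sign-on URL suggested in this reply, as an added PowerShell example that is not part of the original thread. It assumes the trust's display name is "Replicon" (hypothetical) and that it is run in an elevated session on the AD FS server; the host name is the one from the URL above.

```powershell
# Added example, not from the thread. Names marked "assumed" are illustrative.
$trustName = 'Replicon'                      # assumed display name of the trust
$shortId   = 'Replicon'                      # short identifier suggested in the reply
$adfsHost  = 'svm1415140115.mosaic.local'    # host taken from the URL above

$rp = Get-AdfsRelyingPartyTrust -Name $trustName
if (-not $rp) { throw "No relying party trust named '$trustName'" }

# Identifiers must be unique across trusts, so refuse to reuse one that
# already belongs to a different relying party.
$owner = Get-AdfsRelyingPartyTrust |
    Where-Object { $_.Identifier -contains $shortId }
if ($owner -and $owner.Name -ne $trustName) {
    throw "'$shortId' is already an identifier of trust '$($owner.Name)'"
}

# Add the short identifier while keeping the existing ones.
if ($rp.Identifier -notcontains $shortId) {
    Set-AdfsRelyingPartyTrust -TargetName $trustName `
        -Identifier (@($rp.Identifier) + $shortId)
}

# List a direct sign-on URL for every identifier of every trust.
# The loginToRp value has to be URL-encoded (long identifiers are often URLs).
Get-AdfsRelyingPartyTrust | ForEach-Object {
    foreach ($id in $_.Identifier) {
        '{0}: https://{1}/adfs/ls/idpinitiatedsignon.aspx?loginToRp={2}' -f `
            $_.Name, $adfsHost, [uri]::EscapeDataString($id)
    }
}
```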
ASKER
Thanks Amit, when I click it I am asked for credentials then presented with the attached screen. When I click again it does not ask for credentials, however, if I close my browser and try again - I am again asked for credentials.
Should SSO not just take the currently logged on Windows credentials and log in with them without prompting?
Thanks for the help so far.
25-06-2015-09-19-45.png