AD FS: change default trust or bypass completely

Hi, we have set up AD FS and SAML authentication for a few applications, not sure how correctly, but it seems to be working. My first question is:

1.) We have 3 different Relying Party Trusts. When we log on to the first link, we are presented with all 3 trusts. How do I change the order in which the trusts are presented? The hope here is that they can just click "Go" rather than select from the drop-down.

2.) Even better would be to bypass this selection list entirely. Currently users have to log on twice; the purpose of setting up AD FS was for SSO, so this is not ideal. If we select the link associated with the correct Relying Party Trust, I would expect it not to display the other 2 trusts and to go directly to the correct site.

I really hope I am explaining this OK. I will attach screenshots to help.

Amit (IT Architect) commented:
You are using an IdP-initiated URL. Don't you have an SP URL? I can give you a very easy solution for your issue. If you are still monitoring this question, reply back, as I need some more info.
MongolianNoseFlute (Author) commented:
Hi, yes, I am still looking for a resolution.
MongolianNoseFlute (Author) commented:
We are using IdP-initiated mode.
Amit (IT Architect) commented:
Test this for your Replicon SSO. Let me know the result.
Amit (IT Architect) commented:
Your identifier is very long. Can you change it to Replicon, or add Replicon, and then use the above URL? You will be logged into the app directly and will not be asked to select from the drop-down.
MongolianNoseFlute (Author) commented:
Thanks Amit. When I click it I am asked for credentials, then presented with the attached screen. When I click again it does not ask for credentials; however, if I close my browser and try again, I am again asked for credentials.
Should SSO not just take the currently logged-on Windows credentials and log in with them without prompting?

Thanks for the help so far.
Amit (IT Architect) commented:
What claim attributes are you relaying to this application? This is the way SSO works:

1) You have IdP and SP providers.
2) The SP uses IdP claims to allow login to the SSO app.
3) The IdP provider needs to relay claim attributes to the SP.
4) The SP uses those claim attributes and allows login to SSO.

IdP stands for identity provider.
SP: service provider.

I assume you are relaying any claim attributes and your app is not using them. I also see .local; does that mean it is used for an internal app?
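To answer "what claim attributes are you relaying" concretely, the SP side has to look at the SAML assertion AD FS issues. The following is an added example, not from the thread or from any SAML library: it parses a constructed, minimal SAML 2.0 Response and lists the issuer, NameID, audience and every attribute claim it carries, then reports which claims an application requires but the IdP did not send. The issuer URL, the audience `Replicon`, the user and group values are placeholders; the claim type URIs are the standard AD FS ones.

```python
"""List the claims in an AD FS SAML assertion (added example).

The sample response below is constructed for this example. Signature
verification is deliberately not implemented here: in a real SP the XML
signature must be validated before any attribute in it is trusted.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Standard claim type URIs that AD FS emits for these attributes.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
UPN_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample; hostnames, user and group names are placeholders.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0">
  <saml:Issuer>http://adfs.example.local/adfs/services/trust</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://adfs.example.local/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jdoe@example.local</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>Replicon</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{EMAIL_CLAIM}">
        <saml:AttributeValue>jdoe@example.local</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="{GROUP_CLAIM}">
        <saml:AttributeValue>Timesheet-Users</saml:AttributeValue>
        <saml:AttributeValue>Domain Users</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_claims(response_xml: str) -> dict:
    """Return issuer, NameID, audiences and {claim type: [values]} from a Response."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no Assertion element")
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [
            value.text for value in attr.findall("saml:AttributeValue", NS)
        ]
    return {
        "issuer": assertion.findtext("saml:Issuer", default="", namespaces=NS),
        "name_id": assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS),
        # The Audience must equal the relying party identifier configured in AD FS.
        "audiences": [
            a.text for a in assertion.findall(
                "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
        ],
        "attributes": attributes,
    }


def missing_claims(claims: dict, required: list) -> list:
    """Claim types the application needs that the IdP did not relay."""
    return [name for name in required if name not in claims["attributes"]]


if __name__ == "__main__":
    claims = extract_claims(SAMPLE_RESPONSE)
    for name, values in claims["attributes"].items():
        print(name, "->", values)
    print("missing:", missing_claims(claims, [EMAIL_CLAIM, UPN_CLAIM]))
```

Run against a real response captured from the browser's SAML trace, the `missing` list is exactly what the claim rules on the relying party trust still have to add; an empty AttributeStatement with a correct NameID is the usual sign that the trust issues a name identifier but no attribute claims.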