Forum Discussion
SAML SP support for Azure domain hinting?
Hi all.
One of my virtual servers is currently acting as an SP for Azure, and works, but I am trying to add some additional functionality to make the login experience a little bit more streamlined.
I have been trying to determine if APM supports domain hinting in the SAML AuthN request, which can then be used by Azure to bypass the initial login page. The idea is to go straight to our company's branded IdP Azure service, instead of having to perform realm discovery.
According to the Azure documentation, the SAML attributes I need are specified below, but I see no way to add this to the IdP connector.
12.1.2 is currently installed on this box.
Does anyone know if this is possible?
- Jad_Tabbara__J1
Cirrostratus
Hello,
Yes, it is possible to play the HINT (I have tried only static hints).
Go to "Access > Federation > SAML Service Provider > External IDP Connectors", select your IDP, and edit the "Single Sign On Service Settings".
Then set your hint at the end of the following URL:
"https://login.microsoftonline.com/xxxxxxxxxxxxx/saml2/?login_hint=generic@domain.com"
Regards
Jad
- Jad_Tabbara__J1
Cirrostratus
Hello,
You can now use the following code to do the Azure hinting.
https://devcentral.f5.com/s/articles/Bypass-Azure-Login-Page-by-adding-a-login-hint-in-the-SAML-Request?page=1
You can also adapt the code if you want to do "Domain" hinting and not "email address" hinting.
Regards
Jad
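An added example, not code from the thread or from the linked article: when the hint is dynamic (taken from what the user typed) rather than the static value shown above, it has to be validated and percent-encoded before it is appended to the Single Sign On Service URL, otherwise a crafted value can smuggle extra query parameters into the request sent to the IdP. The function name `hinted_sso_url` is hypothetical, the tenant segment is the thread's own `xxxxxxxxxxxxx` placeholder, and `whr` is the query-string parameter Microsoft documents for SAML domain hints (it does not appear in the thread).

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# SSO endpoint in the shape quoted in the thread; tenant ID left as its placeholder.
SSO_URL = "https://login.microsoftonline.com/xxxxxxxxxxxxx/saml2/"

# Conservative allow-lists: anything outside them is rejected, not "cleaned".
_EMAIL = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
_DOMAIN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
_PATTERNS = {"login_hint": _EMAIL, "whr": _DOMAIN}


def hinted_sso_url(base_url, hint, kind="login_hint"):
    """Return base_url carrying exactly one percent-encoded hint parameter.

    kind="login_hint" expects an e-mail address (user hint);
    kind="whr" expects a bare domain (domain hint).
    """
    pattern = _PATTERNS.get(kind)
    if pattern is None:
        raise ValueError("unsupported hint parameter: %r" % kind)
    if not pattern.fullmatch(hint):
        # Blocks values such as 'a@b.com&whr=other.example' or embedded CR/LF.
        raise ValueError("rejected hint value: %r" % hint)

    parts = urlsplit(base_url)
    # Only ever decorate the expected IdP endpoint over HTTPS.
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        raise ValueError("unexpected IdP endpoint: %r" % base_url)

    # Keep unrelated parameters, drop any earlier hint so only one remains.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k not in _PATTERNS]
    query.append((kind, hint))
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    print(hinted_sso_url(SSO_URL, "generic@domain.com"))
    print(hinted_sso_url(SSO_URL, "domain.com", kind="whr"))
```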