Request specific identity provider

Question

I have 2 relying party applications (1 and 2) which share the same 2 identity providers (A and B).

If a user logs in to application 1 using identity provider A, and then follows a link to application 2, they are shown the azure login page with a choice of which identity provider to use.
If they select identity provider A, they are automatically logged in, and redirected back to application 2.

What I would like to do is allow application 1 to pass a parameter to application 2 stating which identity provider the user logged into application 1 with.
When application 2 forwards the user to the azure login server, it should be able to pass a parameter to the azure server stating which identity provider to use, allowing the user to be logged in to application 2 without having to manually select the identity provider.

Is this possible?

It occurs to me that application 2 could request the "self-hosted login page" JSON feed, parse it, and decide which URL to forward the user to - but having to parse JSON seems a rather fragile approach.

Answer 1

Hi,

You can pass WHR parameter from your second application so that ACS would skip the home realm discovery page and redirects the user directly to the IDP. Similarly if user logs in to application 2 when navigating to application 1 from application 2 you could do the same.

The format of WHR should be "&whr=<Identity Provider Name>.

If you are redirecting through code just use HomeRealm Property of WS-FederationAuthentication module. Take a look at this documentation.

Alternatively if you want to host your own HRD page you can very well use Json for that. But for your scenario setting the home realm parameter should do the trick for you.

Please mark replies as Answered if they help and Vote if you found them helpful