Claims Provider Trust / SSO App / Defaulted Claims Provider

  • Question

  • Hi all, we've got an ADFS3 farm and we're using it to access 3rd party vendors' sites using SSO. It works great for our user population. That's going to change. We now want to publish some web apps so that other companies can access our apps using SSO. That's new for us as we're used to setting up Relying Party Trusts and not Claims Provider Trusts.

    Each app that we will publish will be unique and be accessible only by the company that the app is built for. I was reading about the Home Realm Discovery process and how an external user would get a home realm discovery screen where they would have to select their Identity Provider to authenticate against.

    Here's the question: When you set up an ADFS3 / SSO app of this type, is there any way to set the app so that it defaults to a specific Identity Provider/Claims Provider so that the user doesn't have to select an IDP or have to enter an email address so that the suffix identifies the IDP? I'm just looking to find out if ADFS3 can be set up so that if a user goes to an ADFS URL such as https://webapp.com/CompanyA, ADFS will know to use the CompanyA Identity Provider/Claims Provider. This concept would be used for multiple apps with multiple IdPs.

    Thanks in advance for any feedback.

    Tuesday, May 2, 2017 4:12 PM

Answers