Azure AD and "Choose Account" Screen


clorenzo
Hi,

We are using your product as the SP in a multi-tenant setup. There is a scenario where, for a certain domain/tenant, a user could have multiple accounts logged in. So when attempting to initiate SSO (SP-initiated), Azure is picking the wrong user, causing the process to fail (that account doesn't have access to the app). We already tried using Subject/RequestedUsername (under the SSOOptions object), but they aren't supported by Azure, so it also fails. Is there any way to instruct Azure to at least display the "choose account" screen instead of "auto pick" one?

Thanks,
Carlos 

ComponentSpace
Hi Carlos,

You can set SSOOptions.ForceAuthn to true. This sets the ForceAuthn flag in the authn request which requests that the identity provider authenticates the user even if there's already an authentication session. According to the Azure documentation, this flag is supported.

https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol 

Regards
ComponentSpace Development
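
Added example, not part of the original thread and not ComponentSpace code: a way to confirm that the ForceAuthn flag described in the reply above is actually present in the authn request the SP sends. It assumes the request travels over the SAML HTTP-Redirect binding; the URLs, issuer and request ID are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

def encode_redirect(authn_request_xml: str) -> str:
    """Encode XML as a SAMLRequest value: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")

def decode_redirect(url: str) -> ET.Element:
    """Recover the AuthnRequest element from a redirect URL."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # -15 selects raw DEFLATE (no zlib header)
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"unexpected root element {root.tag}")
    return root

def force_authn_requested(url: str) -> bool:
    """True only if ForceAuthn is present with an xs:boolean true value."""
    value = decode_redirect(url).get("ForceAuthn", "false")
    return value.strip() in ("true", "1")

def sample_url(force: bool) -> str:
    # Constructed sample request; every identifier here is a placeholder.
    attr = ' ForceAuthn="true"' if force else ""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" ID="_constructed1" '
           f'Version="2.0" IssueInstant="2021-12-17T00:00:00Z"{attr}>'
           '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
           'https://sp.example.test</saml:Issuer></samlp:AuthnRequest>')
    query = urlencode({"SAMLRequest": encode_redirect(xml)})
    return "https://idp.example.test/saml2?" + query

if __name__ == "__main__":
    for force in (False, True):
        print(force, force_authn_requested(sample_url(force)))
```

To check a real deployment, pass the redirect URL captured from the browser's network trace to force_authn_requested.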
clorenzo
ComponentSpace - 12/17/2021
> Hi Carlos,
>
> You can set SSOOptions.ForceAuthn to true. This sets the ForceAuthn flag in the authn request which requests that the identity provider authenticates the user even if there's already an authentication session. According to the Azure documentation, this flag is supported.
>
> https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

That did the trick, thanks!
ComponentSpace
You're welcome. Thanks for the update.

Regards
ComponentSpace Development