Bypass an HRD page using the user login only and continue authentication on an external provider. ADFS 2016/2019

Sergey A 1 Reputation point
2020-04-05T02:49:02.847+00:00

I want to bypass the HRD page on ADFS. Some of my RPs already have parameters like login_hint for OpenID Connect and RedirectToIdentityProvider for WS-Federation.
But one RP should direct users to different external IdPs depending on their login. We don't use Active Directory, and all applications are web services. So we use WS-Federation passive only.
My idea is to customize onload.js to take the login and pass it through a web service to discover the ToIdentityProviderUri, then bypass the HRD page.
I would be grateful for any outline of this file. Also, a question: should other RPs ignore this logic?
Am I in the right direction?
Or maybe there is another approach to achieve this behaviour?
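An added example (not code from the question or from Microsoft) of the client-side logic the question proposes: take the typed login, derive its suffix, resolve the suffix to a claims provider against a fixed allowlist, and only then restart the WS-Federation request with a `whr` value. The suffix-to-IdP table, the element ids and the use of `whr` as the redirect mechanism are assumptions; in the scenario above the table would be filled from the discovery web service instead of a constant. Resolving against an allowlist rather than trusting a URI returned for arbitrary input is what keeps the redirect target under the administrator's control.

```javascript
// Added example: HRD-bypass decision logic for an ADFS onload.js customization.
// Identifiers below (table, element ids) are assumptions, not ADFS API.

// Constructed sample: login suffix -> claims provider identifier (allowlist).
const IDP_BY_SUFFIX = {
  "contoso.example": "https://idp.contoso.example/adfs/services/trust",
  "fabrikam.example": "https://sts.fabrikam.example/adfs/services/trust",
};

// Extract the lower-cased domain suffix from a login such as
// "alice@Contoso.Example"; returns null when there is no usable suffix.
function suffixFromLogin(login) {
  if (typeof login !== "string") return null;
  const trimmed = login.trim();
  const at = trimmed.lastIndexOf("@");
  if (at < 1 || at === trimmed.length - 1) return null;
  const suffix = trimmed.slice(at + 1).toLowerCase();
  // Only DNS-style labels are accepted; "a@b/evil" or spaces are rejected.
  return /^[a-z0-9.-]+$/.test(suffix) ? suffix : null;
}

// Resolve the IdP for a suffix against the allowlist only, so the redirect
// target can never be shaped by the raw text the user typed.
function resolveIdp(suffix, table = IDP_BY_SUFFIX) {
  if (!suffix) return null;
  return Object.prototype.hasOwnProperty.call(table, suffix) ? table[suffix] : null;
}

// Rebuild the current WS-Federation request URL with the home realm ("whr")
// added, keeping the existing wa / wtrealm / wctx parameters intact.
function buildWhrRedirect(currentUrl, idpUri) {
  const url = new URL(currentUrl);
  url.searchParams.set("whr", idpUri);
  return url.toString();
}

// Decide what the HRD page should do for a login and the current URL.
// Returns { action: "redirect", url } or { action: "show_hrd", reason }.
function decideHrd(login, currentUrl, table = IDP_BY_SUFFIX) {
  const suffix = suffixFromLogin(login);
  if (!suffix) return { action: "show_hrd", reason: "no_suffix" };
  const idp = resolveIdp(suffix, table);
  if (!idp) return { action: "show_hrd", reason: "unknown_suffix" };
  return { action: "redirect", url: buildWhrRedirect(currentUrl, idp) };
}

// Browser wiring; runs only when the file is loaded as part of a web theme.
// The element ids are assumptions: check the real HRD markup before using them.
if (typeof document !== "undefined" && typeof window !== "undefined") {
  const input = document.getElementById("loginHint");    // assumed id
  const button = document.getElementById("continueHrd"); // assumed id
  if (input && button) {
    button.addEventListener("click", (e) => {
      e.preventDefault();
      const decision = decideHrd(input.value, window.location.href);
      if (decision.action === "redirect") window.location.assign(decision.url);
      // otherwise fall back to the standard HRD provider list
    });
  }
}
```

Unknown suffixes deliberately fall back to the normal HRD list instead of guessing; this answers the "should other RPs ignore this logic" point in the simplest way, since a request whose login does not map to a known suffix behaves exactly as before.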


2 answers

  1. Pierre Audonnet - MSFT 10,171 Reputation points Microsoft Employee
    2020-04-09T03:50:49.763+00:00

    Hi! Just to make sure, have you looked at this already: https://video2.skills-academy.com/en-us/windows-server/identity/ad-fs/operations/home-realm-discovery-customization There are built-in ways to bypass the HRD in certain contexts.

    I published some custom modifications back in the day, in case that helps too: https://video2.skills-academy.com/en-us/archive/blogs/pie/customize-the-home-realm-discovery-page-to-ask-for-upn-right-away.

    If none of these helps, you can give us an example of what the complete URL looks like and we can probably assist you with the JavaScript bit.

    1 person found this answer helpful.

  2. Sergey E 1 Reputation point
    2020-07-07T09:13:26.933+00:00

    Very similar to my question. However, I can't check it, because my previous account is blocked. Thanks for the answer. But I realized that this scenario will not solve my problem. I had a very simple scenario, which, as I understand it, is impossible to implement. I have a site in SSO that asks for the user's email, which determines the IdentityProvider required for it. It seemed the whr and RedirectToIdentityProvider parameters for ADFS in particular are just for this; however, if the user already has a cookie in ADFS through another site in SSO, and does not have an authentication cookie on my site, I can't determine whether this user already has a session in SSO or not, and therefore I am forced to start the authentication process from the beginning, so I had this question above. I thought that I would always direct the user to ADFS and determine the IdP choice for the user on the ADFS side.
    But the problem of checking cookies remains...
    Raise a new service inside the ADFS instance, to avoid the authorization problems...
    So, all was finished with a change of business model...
    Anyway. Thanks for the answer!
