ADFS 4.0 - HomeRealmDiscovery only during initial authentication

Ryan McGarry 1 Reputation point
2020-08-01T16:08:58.32+00:00

We have a central ADFS 2016 server, multiple claims providers (all ADFS). All authentication is handled by the other ADFS servers, nothing is done with the local ActiveDirectory claims provider.

Current behavior: Every time a user logs into any application/Relying Party, they are shown the home realm discovery screen. This occurs every time a user accesses a new relying party, even if they still have an active session with the central ADFS server. This is frustrating.

Expected behavior: if a user with an active ADFS session clicks a link to a second RP, the user should not be shown Home Realm Discovery again. I would expect the initial HRD selection to persist for the duration of the active session only.

It appears that the HRDCookie could be used, but I would need the HRDCookieLifeTime to be set to less than 1 day - preferably expiring at the end of the user session.

Can this be done with the ADFS configuration, or do I need to break out my Javascript book and start manipulating cookies with a new webtheme?

Any ideas?


1 answer

  1. Pierre Audonnet - MSFT 10,181 Reputation points Microsoft Employee
    2020-08-04T00:21:22.14+00:00

    I believe the HRD cookie will be created by ADFS if it is the IDP that authenticated the user. In your case it seems that the user is authenticated outside of ADFS.

    If users are always coming from the same IDP, you could customize the relying party trust to redirect directly:

    Set-AdfsRelyingPartyTrust -TargetName TestApp -ClaimsProviderName @("CustomCP1")
    

    I think there is an option to configure how the HRD will work between two ADFS servers (configurable with Set-AdfsclaimsProviderTrust). I'll try to find out more about that if the first suggestion isn't a good fit.

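The following is an added example (not part of the question or the answer above) of how an ADFS administrator would apply the pinning approach from the answer across several relying party trusts on the central ADFS 2016 server, and check the HRD cookie settings the question asks about. The trust names (TestApp, Payroll, Wiki, CustomCP1, CustomCP2) are hypothetical; the cmdlets are the standard ones from the ADFS PowerShell module.

```powershell
# Added example, not code from the original post. Assumes the ADFS module
# is available on the central ADFS 2016 server and that the relying party
# and claims provider trust names below exist (they are hypothetical).
Import-Module ADFS

# 1. Inspect the HRD cookie settings. HRDCookieLifetime is expressed in
#    days, so it cannot be bounded to a single browser session, which is
#    why the cookie alone does not give session-scoped HRD persistence.
Get-AdfsWebConfig | Select-Object HRDCookieEnabled, HRDCookieLifetime

# 2. List which claims providers each RP trust currently allows. An RP
#    trust with no ClaimsProviderName set accepts every claims provider
#    trust in the farm, and that is exactly the case that shows the HRD page.
Get-AdfsRelyingPartyTrust |
    Select-Object Name, @{ n = 'ClaimsProviders'; e = { $_.ClaimsProviderName -join ',' } }

# 3. Pin each RP trust to the single claims provider that serves it.
#    Besides suppressing HRD, this also restricts which IdP may assert
#    identity for that RP, so it is worth doing as a least-privilege measure.
$rpToCp = @{
    'TestApp' = 'CustomCP1'   # hypothetical RP -> CP mapping
    'Payroll' = 'CustomCP1'
    'Wiki'    = 'CustomCP2'
}

foreach ($rp in $rpToCp.Keys) {
    $cp = $rpToCp[$rp]
    # Refuse to pin an RP to a claims provider trust that does not exist;
    # otherwise users of that RP would be locked out of sign-in entirely.
    if (-not (Get-AdfsClaimsProviderTrust -Name $cp -ErrorAction SilentlyContinue)) {
        Write-Warning "Claims provider trust '$cp' not found; leaving '$rp' unchanged"
        continue
    }
    Set-AdfsRelyingPartyTrust -TargetName $rp -ClaimsProviderName @($cp)
}

# 4. Verify: every pinned RP should now list exactly one claims provider.
Get-AdfsRelyingPartyTrust -Name @($rpToCp.Keys) |
    Select-Object Name, @{ n = 'ClaimsProviders'; e = { $_.ClaimsProviderName -join ',' } }
```

Run this in an elevated PowerShell session on the ADFS server. Step 2 is the useful diagnostic even if you change nothing: any RP with an empty ClaimsProviders column is one that will prompt for home realm discovery regardless of an existing ADFS session.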
