{"id":3065,"date":"2014-11-17T08:43:21","date_gmt":"2014-11-17T16:43:21","guid":{"rendered":"http:\/\/www.cloudidentity.com\/blog\/?p=3065"},"modified":"2014-11-17T08:43:22","modified_gmt":"2014-11-17T16:43:22","slug":"skipping-the-home-realm-discovery-page-in-azure-ad","status":"publish","type":"post","link":"https:\/\/www.cloudidentity.com\/blog\/2014\/11\/17\/skipping-the-home-realm-discovery-page-in-azure-ad\/","title":{"rendered":"Skipping the Home Realm Discovery Page in Azure AD"},"content":{"rendered":"

A typical authentication transaction with Azure AD will open with a  generic credential gathering page. As the user enters his\/her username, Azure AD figures out from the domain portion of the username if the actual credential gathering should take place elsewhere (for example, if the domain is associated with a federated tenant the actual cred gathering will happen on the associated ADFS pages) and if it\u2019s the case it will redirect accordingly.<\/p>\n

Sometimes your app logic is such that you know in advance whether such transfer should happen. In those situations you have the opportunity to let our libraries (ADAL or the OWIN middlewares for OpenId Connect\/WS-Federation) know where to go right from the start.<\/p>\n

In OAuth2 and OpenId Connect you do so by passing the target domain in the \u201cdomain_hint\u201d parameter.
In ADAL you can pass it via the following:<\/p>\n

AuthenticationResult ar =\n    ac.AcquireToken(\"https:\/\/developertenant.onmicrosoft.com\/WebUXplusAPI\"<\/span>,\n                    \"71aefb3b-9218-4dea-91f2-8b23ce93f387\"<\/span>,\n                    new<\/span> Uri(\"http:\/\/any\"<\/span>), PromptBehavior.Always, <\/pre>\n
                    UserIdentifier.AnyUser, \"domain_hint=mydomain.com\"<\/font><\/span>);\n<\/pre>\n