无需重定向即可登录ADFS

Question

Is there a way to authenticate with ADFS without being redirected to the ADFS login page? Here is our situation.

We have an AngularJS app that uses ADFS for SSO. The app is a relying party to our AD that is also linked to O365 resources. Currently, it is working to where the user is redirected to the ADFS login page if not authenticated and redirects back to our app with the proper authorization code, which we then use to access the O365 resources via REST queries to display data (from Mail, Calendar, etc.) on our app.

We would like to remove the redirection step to ADFS so that the user stays on our app and has a seamless login experience. The ADFS page looks to be using form-based auth. I was wondering if there is a way to perform auth over http requests or some other method.

Answer 1

We built a portal page to handle ADFS authentication for external apps. The portal is registered in Azure using Access Control Services. Once you authenticate into the portal you can click a link to any of our O365 sites.

This section in the web.config does a passive redirect:

  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" />
      <wsFederation passiveRedirectEnabled="true" issuer="https://{yourACSAccount}.accesscontrol.windows.net/v2/wsfederation" realm="https://{yourportal}" requireHttps="false" />
    </federationConfiguration>
  </system.identityModel.services>

Then the link on the portal that goes to O365 is linked to the adfs sign in page. The adfs sign in page then automatically redirects the user to SharePoint.

<a href="https://login.{yourDomain}/adfs/ls/?cbcxt=&popupui=&vv=&mkt=&lc=1033&wfresh=&wa=wsignin1.0&wtrealm=urn:federation:MicrosoftOnline&wctx=wa%3Dwsignin1%252E0%26rpsnv%3D2%26ct%3D1390418246%26rver%3D6%252E1%252E6206%252E0%26wp%3DMBI%26wreply%3Dhttps%253A%252F%252F{yourO365}%252Esharepoint%252Ecom%2fsites%2%26LoginOptions%3D3">

I hope that helps and or gets you closer to your goal.