2
votes

Assume I have 2 URLs pointing to one website, just using site bindings, for example:

productname1.company.com
productname2.company.com

Our web application does single sign on to Azure Active Directory, and in Azure Application Configuration, I have put:

productname1.company.com

for SIGN-ON URL and REPLY URL.

If a user comes to productname1.company.com, the Azure single sign-on authentication works perfectly.

But if a user comes to productname2.company.com, it does not work at all and redirects to the login page of productname1.company.com.

How do I configure it to make it work with productname2.company.com? I am using OWIN OpenIdConnect to do single sign-on with Azure AD.

1 Answer

4
votes

You can add productname2.company.com as a second Reply URL, and then have your app specify the appropriate Reply URL when it redirects to AAD.

You can do this in the RedirectToIdentityProvider Notification within the OpenIdConnectAuthenticationOptions used to configure OWIN OpenID Connect.

// Needs: using System.Threading.Tasks; using Microsoft.Owin.Security.OpenIdConnect; using Owin;
app.UseOpenIdConnectAuthentication(
   new OpenIdConnectAuthenticationOptions
   {
      // ClientId, Authority and the other settings are omitted here
      Notifications = new OpenIdConnectAuthenticationNotifications()
      {
         RedirectToIdentityProvider = (context) =>
           {
              // This ensures that the address used for sign in and sign out is picked up dynamically from the request.
              // This allows you to deploy your app (to Azure Web Sites, for example) without having to change settings.
              // Remember that the base URL of the address used here must be registered as a Reply URL in Azure AD beforehand.
              string appBaseUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.PathBase;
              string currentUrl = context.Request.Scheme + "://" + context.Request.Host + context.Request.Path;
              context.ProtocolMessage.RedirectUri = currentUrl;
              context.ProtocolMessage.PostLogoutRedirectUri = appBaseUrl;
              // The notification delegate must return a Task
              return Task.FromResult(0);
           }
      }
   });
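
The snippet in the answer builds the redirect URI from the request's Host header. The variant below is an added example, not the answerer's code: it only ever sends a redirect URI whose host is on an allow-list that mirrors the Reply URLs registered in Azure AD. `RegisteredHosts`, `DefaultHost` and `ResolveReplyUrl` are hypothetical names, the `ClientId` and `Authority` values are placeholders, and it assumes the Reply URLs are registered in the form `https://<host>/` on the default HTTPS port.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    // Assumption: these hosts mirror the Reply URLs registered for the app in Azure AD.
    private static readonly HashSet<string> RegisteredHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "productname1.company.com", "productname2.company.com" };
    private const string DefaultHost = "productname1.company.com";

    // Hypothetical helper: map the Host header to a registered Reply URL.
    // An unregistered or malformed host gets the default instead of being echoed back.
    internal static string ResolveReplyUrl(string hostHeader, string pathBase)
    {
        string host = (hostHeader ?? string.Empty).Trim();
        int colon = host.IndexOf(':');
        if (colon >= 0) host = host.Substring(0, colon);   // drop a ":443" style port
        if (!RegisteredHosts.Contains(host)) host = DefaultHost;
        return "https://" + host.ToLowerInvariant() + pathBase + "/";   // assumes HTTPS, default port
    }

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());
        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = "<application-client-id>",                        // placeholder
            Authority = "https://login.microsoftonline.com/<tenant>",   // placeholder tenant
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                RedirectToIdentityProvider = context =>
                {
                    string replyUrl = ResolveReplyUrl(
                        context.Request.Host.Value, context.Request.PathBase.Value);
                    context.ProtocolMessage.RedirectUri = replyUrl;
                    context.ProtocolMessage.PostLogoutRedirectUri = replyUrl;
                    return Task.FromResult(0);
                }
            }
        });
    }
}
```

A request arriving with any other Host value is sent to Azure AD with the productname1 Reply URL, so the value handed to the identity provider is always one of the registered ones.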