Question

I have configured my first application in Windows Azure Active Directory and everything works fine: I can log in using accounts in my directory.

However, I'm not entirely clear on all the concepts yet, especially the sign-on url. The tooltip says:

The URL where users can sign in and use your app. You can change this later.

But users sign in somewhere on login.windows.net and furthermore, it doesn't matter what I enter here, authentication keeps working. So what is this 'sign-on url'?

Azure management portal screenshot


Solution

If you visit http://aka.ms/myapps, you'll find a long list of applications that have access to your account. If you click on these apps, you should be redirected to a home page where the sign-in process could be initialized. However, if the app doesn't declare a signInUrl in its manifest, you'll get an error that says the app is misconfigured.

something went wrong...
You cannot access this application because it has been misconfigured. Contact your IT department and include the following information:
Undefined Sign-On URL for application "BlahBlahBlah"

In the new Azure portal UI, the "SIGN-ON URL" is now called "Home page URL", which you can find under Branding in the app registration configuration.
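The failure described in this answer can be caught before users hit it. The following is an added example, not part of the original answer or any Microsoft tooling: it audits exported app manifests for an undefined or unusable `signInUrl`. The manifests are constructed sample data, the `name` field is an assumed label for reporting, and the absolute-URL and HTTPS checks are extra hygiene checks beyond what the answer states.

```python
import json
from urllib.parse import urlsplit

# Constructed sample manifests. Only "signInUrl" is a field name taken from
# the answer above; "name" is an assumed label used for reporting.
SAMPLE_MANIFESTS = json.loads("""
[
  {"name": "BlahBlahBlah", "signInUrl": null},
  {"name": "Payroll", "signInUrl": "https://payroll.example.com/"},
  {"name": "Wiki", "signInUrl": "http://wiki.example.com/"},
  {"name": "Legacy", "signInUrl": "legacy/home"},
  {"name": "NoField"}
]
""")


def check_sign_in_url(manifest):
    """Classify one manifest: undefined, not-absolute, not-https or ok."""
    url = (manifest.get("signInUrl") or "").strip()
    if not url:
        # The case behind the "Undefined Sign-On URL" error quoted above.
        return "undefined"
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        # A relative path gives a launcher nothing to redirect to.
        return "not-absolute"
    if parts.scheme.lower() != "https":
        # Added hygiene check: the app's entry point should be served over TLS.
        return "not-https"
    return "ok"


def audit(manifests):
    """Return {app name: finding} for every manifest that is not 'ok'."""
    findings = {}
    for manifest in manifests:
        status = check_sign_in_url(manifest)
        if status != "ok":
            findings[manifest.get("name", "<unnamed>")] = status
    return findings


if __name__ == "__main__":
    for name, status in audit(SAMPLE_MANIFESTS).items():
        print(f"{name}: {status}")
```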

OTHER TIPS

I can see why this may be confusing. I think you can look at this as the URL where the whole sign-in process starts (i.e. your app's URL, which, if they're not logged in, will send them to login.windows.net).

Also, even if for now you might be able to enter anything and authentication still works, I'd try to make it point to the right place just in case things change in the future.

It appears to me that it has significance with respect to the wsFederation realm value when the user signs out and is redirected to the Active Directory sign-in page.

When you add your application to Azure AD, it gives you a client ID and key. When you use that in an MVC web app, you will see that there is an entry like the one below in web.config:

<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="true" />
    <wsFederation passiveRedirectEnabled="true" issuer="https://login.windows.net/{some guid}/wsfed" realm="https://localhost:44304/" requireHttps="true" />
  </federationConfiguration>
</system.identityModel.services>

Copy the value of user to sign-on url.

Licensed under: CC-BY-SA with attribution