Replies: 2 comments 4 replies
-
your best chance is to implement a custom discovery page that sets a cookie that retains the IDP choice |
Beta Was this translation helpful? Give feedback.
4 replies
-
Thank you.
Sent from the all new AOL app for iOS
On Friday, November 15, 2024, 3:17 AM, Thomas Åkesson ***@***.***> wrote:
I am not sure I understand. We have no problem with our choice of IDP / discovery. The problem is later, on the Entra ID side if a user has multiple Entra ID accounts logged in. The "additional" Entra ID accounts usually have nothing to do with us (could be the local soccer club or a personal MS account).
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Users with multiple Entra ID accounts get the account selection screen. This is good the first time but annoying when reauthenticating, especially on some servers where we have been requested to reduce OIDCSessionInactivityTimeout (due to compliance).
I suppose login_hint can help during reauthentication, correct? Would be great if anyone can share experience with configuring login_hint.
Is there any automatic handling of login_hint built into mod_auth_openidc during reauthentication?
We have a setup with multiple OP (2 Entra tenants) with a OIDCDiscoverURL short-circuit to the main OP. I am not sure it if is possible to have a discover page in order to get the login_hint from the expired JWT claim.
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions