Scripting home realm discovery rule

Introduction

Our customers usually need to add custom Home Realm Discovery (HRD) logics. One such example is to show an error page or to pick up a default Identity Provider when all previous HRD rules cannot determine a single Identity Provider.

Scripting HRD rule configuration

When you select to add the new Scripting HRD rule to the HRD list, the Home realm discovery script shows up. If you intend to use the Scripting rule as a fallback when all other rules fail to determine a single Identity provider, you need to place it at the end of the HRD pipeline.

The script setting:

You can have access to the following input parameters from the script:

• controllerContext: the current MVC's controller context. controllerContext.HttpContext gives you access to HttpContext which contains a lot of useful data.
• protocolConnection: the connection object of the service provider that initiates the current login request.
• authenticationConnections: the list of all authentication connections that the in use protocol connection can use.

In the following example, a service provider sends a login request with a WHR parameter. However, Identify cannot determine a single Identity provider that meets the WHR parameter (for example, it specifies a connection that does not exist). You can write an HRD script to show an error page:

if (authenticationConnections.Count != 1 && !string.IsNullOrEmpty(controllerContext.HttpContext.Request.Params.Get(WhrParameter.ParameterName)))
{
    var result = new ViewResult
    {
        ViewName = "HRDNoIdentityProviderDetermined",
        ViewData = {
            Model = new HRDNoIdentityProviderDeterminedViewModel
            {
                CustomTitle = string.Empty,
                CustomMessage = string.Empty
            }
        }
    };
    return result;
}

return null;

The default error view is:

Hosted forms

As usual, you can customize the error view either by editing its Razor file or using hosted form: