Domain hint in Azure AD authentication

kon · August 29, 2023, 7:11am

For logging in to Jenkins via the Azure AD plugin, is it possible to configure a domain hint like Microsoft describes under Home Realm Discovery policy - Microsoft Entra | Microsoft Learn?

This would let Azure AD skip asking which identity to use, when the user has logged in to Azure AD with an identity from our company and also with an identity from a partner company. The Azure app registration for the Jenkins instance has already been configured as supporting accounts from “My organization only”, so if the user chooses the other identity, then the login fails (“Selected user account does not exist in tenant”).

kon · August 29, 2023, 7:23am

The domain_hint query parameter doesn’t seem to be natively supported in https://github.com/scribejava/scribejava/tree/scribejava-8.3.3/.

kon · August 29, 2023, 12:59pm

The domain_hint query parameter would apparently have to be added via Map<String, String> additionalParams, but the Azure AD plugin doesn’t do that in https://github.com/jenkinsci/azure-ad-plugin/blob/86ce2927994787fccba21bf6896385e5ad1745cf/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java#L315-L319. So, the Azure AD plugin doesn’t currently support a domain hint, but the feature would be straightforward to add.

Topic		Replies	Views
Jenkins with Azure AD authentication Ask a question	5	564	July 10, 2024
Enable SSO on Jenkins using Azure AD Using Jenkins question	0	773	November 27, 2023
I'm working on a new 'user / group' picker for the Azure AD plugin Showing Off	6	915	June 17, 2021
Add New User through Azure Active Directory Ask a question question	1	339	March 26, 2024
Adding user into AzureAd Matrix AuthorizationStrategy via jenkins job Community question , pipeline	11	56	September 16, 2024

Domain hint in Azure AD authentication

Related topics