Domain hint in Azure AD authentication

kon · August 29, 2023, 7:11am

For logging in to Jenkins via the Azure AD plugin, is it possible to configure a domain hint like Microsoft describes under Home Realm Discovery policy - Microsoft Entra | Microsoft Learn?

This would let Azure AD skip asking which identity to use, when the user has logged in to Azure AD with an identity from our company and also with an identity from a partner company. The Azure app registration for the Jenkins instance has already been configured as supporting accounts from “My organization only”, so if the user chooses the other identity, then the login fails (“Selected user account does not exist in tenant”).

kon · August 29, 2023, 7:23am

The domain_hint query parameter doesn’t seem to be natively supported in https://github.com/scribejava/scribejava/tree/scribejava-8.3.3/.

kon · August 29, 2023, 12:59pm

The domain_hint query parameter would apparently have to be added via Map<String, String> additionalParams, but the Azure AD plugin doesn’t do that in https://github.com/jenkinsci/azure-ad-plugin/blob/86ce2927994787fccba21bf6896385e5ad1745cf/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java#L315-L319. So, the Azure AD plugin doesn’t currently support a domain hint, but the feature would be straightforward to add.

Topic		Replies	Views
Enable SSO on Jenkins using Azure AD Using Jenkins question	0	413	November 27, 2023
I'm working on a new 'user / group' picker for the Azure AD plugin Showing Off	6	775	June 17, 2021
Unable to trigger jenkins remotely after integrated successfully with Azure AD Using Jenkins	6	1468	January 24, 2024
Add New User through Azure Active Directory Ask a question question	1	117	March 26, 2024
Jenkins Azure AD fails to pull objects Using Jenkins	1	710	September 10, 2022

Domain hint in Azure AD authentication

Related Topics