How to Hide a Relying Party from AD FS 3.0
Written on October 15, 2015

If you’ve set up AD FS before, you’ve probably seen this drop-down list that allows your users to select an application to log into. You may also have a particularly troublesome app that doesn’t work with this IdP-initiated method of login. Using the steps below, we can hide one or more of the options from the AD FS 3.0 dropdown list.

Using the theming capabilities of AD FS 3.0, we can introduce some JavaScript that removes applications from the list as the page is loaded. I am not a web guy by any means, so my JavaScript isn’t great…but it works. Happy to accept corrections from anyone better at this than me.

  1. Create a custom theme:
  New-AdfsWebTheme -Name MyCustomTheme -SourceName default
  
  1. Download the custom theme
  New-Item -Type Directory C:\adfs\MyCustomTheme
  Export-AdfsWebTheme -Name default -DirectoryPath C:\adfs\myCustomTheme
  
  1. Add the following to line 5 of the C:\adfs\MyCustomTheme\script\onload.js file:
  var dropDownList = document.getElementById('idp_RelyingPartyDropDownList');
  var itemsToRemove = ['Contoso App2', 'Contoso App3'];
  // If we found the dropdown
  if (dropDownList) {
    // Run through every item flagged for removal
    for (var i = 0; i < itemsToRemove.length; i++) {
      // Walk the dropdown from the end so that removing an option
      // does not shift the options still to be checked
      for (var j = dropDownList.options.length - 1; j >= 0; j--) {
        // Remove the option if its display text matches
        if (dropDownList.options[j].text === itemsToRemove[i]) {
          dropDownList.remove(j);
        }
      }
    }
  }
  
  1. Upload the custom theme to AD FS:
  Set-AdfsWebTheme -TargetName MyCustomTheme -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path="C:\adfs\MyCustomTheme\script\onload.js"}
  
  1. Then activate the custom theme:
  Set-AdfsWebConfig -ActiveThemeName MyCustomTheme
  

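Easy as! Now when users load the page, they won’t see the two apps defined above. The script only changes what the browser renders; the relying party trusts configured in AD FS are unchanged.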
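
A variant of the onload.js script above, added here as an example and not taken from the original post: it matches display names ignoring case and surrounding whitespace, and it returns the names that matched nothing, so a relying party whose display name was changed does not quietly reappear in the list. `hideRelyingParties` and `makeSelect` are hypothetical names, and `makeSelect` is a constructed stand-in for the dropdown so the logic can be run outside a browser.

```javascript
// Added example, not part of the original post.
// Removes relying parties from the AD FS dropdown by display name and returns
// the names that matched nothing, so a renamed relying party gets noticed.
function hideRelyingParties(select, namesToHide) {
  var result = { removed: [], missing: [] };
  if (!select || !select.options) {
    return result; // no dropdown on this page
  }
  // Compare display text trimmed and case-insensitively
  function norm(s) { return String(s).trim().toLowerCase(); }
  var wanted = Object.create(null);
  for (var i = 0; i < namesToHide.length; i++) {
    wanted[norm(namesToHide[i])] = false; // false = not matched yet
  }
  // Walk backwards: remove() shifts every later option down by one
  for (var j = select.options.length - 1; j >= 0; j--) {
    var key = norm(select.options[j].text);
    if (key in wanted) {
      result.removed.unshift(select.options[j].text);
      select.remove(j);
      wanted[key] = true;
    }
  }
  for (var k = 0; k < namesToHide.length; k++) {
    if (!wanted[norm(namesToHide[k])]) { result.missing.push(namesToHide[k]); }
  }
  return result;
}

// Constructed stand-in for the <select> element, for runs outside a browser
function makeSelect(texts) {
  var options = texts.map(function (t) { return { text: t }; });
  return { options: options, remove: function (i) { options.splice(i, 1); } };
}

// Assumed use inside onload.js; skipped when there is no DOM
if (typeof document !== 'undefined') {
  var outcome = hideRelyingParties(
    document.getElementById('idp_RelyingPartyDropDownList'),
    ['Contoso App2', 'Contoso App3']);
  if (outcome.missing.length && window.console) {
    console.warn('Not found in dropdown: ' + outcome.missing.join(', '));
  }
}
```

A non-empty `missing` list after a theme update means one of the configured names no longer matches any entry, which is the case where the hidden application would be showing again.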
