How to Hide a Relying Party from AD FS 3.0

If you’ve set up AD FS before, you’ve probably seen this drop-down list that allows your users to select an application to log into. You may also have a particularly troublesome app that doesn’t work with this IdP initiated method of login. Using the steps below, we can hide one or more of the options from the AD FS 3.0 dropdown list.

Using the theming capabilities of AD FS 3.0, we can introduce some JavaScript that removes applications from the list as the page is loaded. I am not a web guy by any means, so my JavaScript isn’t great…but it works. Happy to accept corrections from anyone better than this at me.

  1. Create a custom theme:
  New-AdfsWebTheme -Name MyCustomTheme -SourceName default
  
  1. Download the custom theme
  New-Item -Type Directory C:\adfs\MyCustomTheme
  Export-AdfsWebTheme -Name default -DirectoryPath C:\adfs\myCustomTheme
  
  1. Add the following to line 5 of the C:\adfs\MyCustomTheme\script\onload.js file:
  var dropDownList = document.getElementById('idp_RelyingPartyDropDownList');
  var itemsToRemove = ['Contoso App2', 'Contoso App3'];
  // if we found the dropdown
  if (dropDownList) {
    // Run through every item flagged for removal
    for (var i=0; i < itemsToRemove.length; i++ ) {
      // Recurse through each item in the dropdown
      for (var j=0; j < dropDownList.length; j++ ) {
        // check if the item matches
        if ( dropDownList.options[j].text == itemsToRemove[i] ) {
          dropDownList.remove(j);
        }
      }
    }
  }
  
  1. Upload the custom theme to AD FS:
  Set-AdfsWebTheme -TargetName MyCustomTheme -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path="C:\adfs\MyCustomTheme\script\onload.js"}
  
  1. Then activate the custom theme:
  Set-AdfsWebConfig -ActiveThemeName MyCustomTheme
  

Easy as! Now when users load the page, they won’t see the two apps defined above:

Written on October 15, 2015