Questions about federated security

Hi!

We are trying to set up federated security at a customer with a multi-site solution. We have followed the documentation here:

http://world.episerver.com/documentation/Items/Developers-Guide/Episerver-CMS/9/Security/federated-security/

We have got it working in the test environment, but I have some questions about what is and isn't possible with ADFS.

Let's say we have site A and site B. I visit https:///episerver/cms. I get redirected to the ADFS, because of access denied when trying to access edit mode, and type in username and password at the ADFS login page. After I click "Sign in", I get redirected back to https:///episerver/cms and I'm in editor mode. So far so good.

I now visit https:///. The site doesn't see that I'm authenticated, but after I visit https:///episerver/cms I get redirected to the ADFS and right away back to https:///episerver/cms/ without having to type my username and password again. That's great!

But is it possible to sign in on Site A and automatically be authenticated when I visit Site B? Without triggering the jump to and from the ADFS? Both Site A and Site B will allow anonymous visitors. 

Site A and Site B are running the same code base, but with different web.configs. Because of:

The OWIN provider for WS Federation does not support multi-tenancy so each site must run in its own web application for authentication to work on all URLs (the WtRealm configuration specified in the example below cannot vary per request). The OWIN provider for OpenID connect can work with multiple URLs, see integration with Azure Active Directory.

Kind regards / Henric

#158263
Sep 26, 2016 13:28
You can probably play a bit with the cookies to make it work decently as long as you are on the same domain, but it's probably not a good idea. Not allowing anon users will of course automatically trigger the login process.

I would definitely recommend sticking to letting the users click the login button... :) SSO is tricky enough as is without custom solutions that you don't expect...

#158278
Sep 26, 2016 15:22
You are looking for an SSO solution.

(From saved references on this topic, http://sveinaandahl.blogspot.co.uk/)

#158294
Sep 26, 2016 19:08
Hi,

I'm setting up my multi-sites to work with ADFS: mysite.se, mysite.fi, ... but I got the problem that the wrealm is always the same, like the limited support note said.

Do you know a solution to solve it?

Best regards

#174352
Jan 25, 2017 7:54
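
Added example, not part of the thread and not Episerver's own sample: a shared OWIN startup class for the setup described in the first post, where each site runs as its own web application and takes its `Wtrealm` from its own web.config. The appSettings keys `adfs:MetadataAddress` and `adfs:Wtrealm`, the namespace and the host names in the comments are assumptions, and the Episerver-specific user synchronization from the documentation sample is left out.

```csharp
using System;
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(FederationExample.Startup))]

namespace FederationExample // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Hypothetical keys. Constructed per-site values, one web.config per web application:
            //   site A: <add key="adfs:Wtrealm" value="https://site-a.example/" />
            //   site B: <add key="adfs:Wtrealm" value="https://site-b.example/" />
            string metadata = Required("adfs:MetadataAddress");
            string realm = Required("adfs:Wtrealm");
            Uri metadataUri;
            if (!Uri.TryCreate(metadata, UriKind.Absolute, out metadataUri) ||
                metadataUri.Scheme != Uri.UriSchemeHttps)
                throw new ConfigurationErrorsException("adfs:MetadataAddress must be an https URL");

            app.SetDefaultSignInAsAuthenticationType(WsFederationAuthenticationDefaults.AuthenticationType);
            // No CookieDomain is set, so the session cookie stays scoped to this site's host.
            // Site B therefore needs its own round trip to ADFS, which completes without a
            // password prompt while the ADFS session is still valid.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = WsFederationAuthenticationDefaults.AuthenticationType,
                CookieSecure = CookieSecureOption.Always // never send the session cookie over http
            });
            // Wtrealm is read once at startup and is fixed for the lifetime of the application.
            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                MetadataAddress = metadata,
                Wtrealm = realm
            });
        }

        // Fail at startup instead of redirecting users to ADFS with an empty realm.
        private static string Required(string key)
        {
            string value = ConfigurationManager.AppSettings[key];
            if (string.IsNullOrWhiteSpace(value))
                throw new ConfigurationErrorsException("Missing appSetting: " + key);
            return value;
        }
    }
}
```

Each realm value has to match the identifier of a relying party trust registered in ADFS for that site.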