ADAL JS and zones in IE and Edge

Active Directory Authentication Library for JavaScript (ADAL JS) is a very nice library for handling authentication against Azure Active Directory. Unfortunately, the library stops working in IE and Edge as soon as the web application that uses it sits in a different security zone than “https://login.microsoftonline.com”. The reason is that IE and Edge don’t share cookies between zones: Protected Mode runs the “Internet” zone in its own isolated process with its own cookie store. Since “https://login.microsoftonline.com” is not assigned to any zone by default, and therefore lands in the “Internet” zone, your application cannot be in any other zone either. Now why is this such a huge problem?

Most of the applications you register in Azure Active Directory will in fact be internal applications, and most of those will reside in the “Local intranet” zone or the “Trusted sites” zone. Exactly those applications won’t work with the ADAL JS library if the client is using IE or Edge, unless you add “https://login.microsoftonline.com” to that same zone.

Adding “https://login.microsoftonline.com” to a specific zone might solve your issue for one application, but if you have applications in both the “Local intranet” zone and the “Trusted sites” zone, you are out of luck: a site (including “https://login.microsoftonline.com”) can only be a member of one zone at a time.
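To see this single-zone constraint for yourself, the following PowerShell is an added example (not code from the original post, nor from the ADAL JS project). It reads and writes the per-user ZoneMap registry keys that the “Internet Options > Security > Sites” dialog maintains, which is the same place IE (and, as the post says, Edge) decides a site’s zone. The registry paths and zone ids are the documented IE layout; the host name “intranet.contoso.example” is a hypothetical placeholder, and the script assumes no machine-wide “Site to Zone Assignment List” policy is in force, since that policy takes precedence over the user keys.

```powershell
# Added example: inspect and set IE security-zone assignments via the ZoneMap registry keys.
# Zone ids: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
# Assumption: per-user mappings under HKCU only; a Group Policy site-to-zone list (under
# HKLM\Software\Policies\...\ZoneMapKey) would override these and is not handled here.

$ZoneMapRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$ZoneNames   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }

function Get-ZoneMapKeyPath {
    param([Parameter(Mandatory)][uri]$Url)
    # IE stores "login.microsoftonline.com" as Domains\microsoftonline.com\login
    $labels = $Url.Host.Split('.')
    if ($labels.Count -lt 2) { throw "Expected a dotted host name, got '$($Url.Host)'" }
    $domain = $labels[-2..-1] -join '.'
    $path   = Join-Path $ZoneMapRoot $domain
    if ($labels.Count -gt 2) {
        $subdomain = $labels[0..($labels.Count - 3)] -join '.'
        $path = Join-Path $path $subdomain
    }
    return $path
}

function Get-SiteZone {
    param([Parameter(Mandatory)][uri]$Url)
    $path = Get-ZoneMapKeyPath $Url
    # No explicit mapping means the site falls into the Internet zone (id 3) by default.
    if (-not (Test-Path $path)) { return $null }
    $props = Get-ItemProperty -Path $path
    $id = $props.($Url.Scheme)                 # value named after the scheme, e.g. "https"
    if ($null -eq $id) { $id = $props.'*' }    # or a scheme-independent "*" mapping
    if ($null -eq $id) { return $null }
    return [pscustomobject]@{ Url = $Url; ZoneId = [int]$id; Zone = $ZoneNames[[int]$id] }
}

function Set-SiteZone {
    param(
        [Parameter(Mandatory)][uri]$Url,
        [Parameter(Mandatory)][ValidateSet(1, 2, 3, 4)][int]$ZoneId
    )
    $existing = Get-SiteZone $Url
    if ($existing -and $existing.ZoneId -ne $ZoneId) {
        # One DWORD per scheme: a URL is in exactly one zone, so re-mapping it moves it
        # out of the zone some other application may have depended on.
        Write-Warning "$Url is already in '$($existing.Zone)'; re-mapping to '$($ZoneNames[$ZoneId])'"
    }
    $path = Get-ZoneMapKeyPath $Url
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $Url.Scheme -Value $ZoneId -Type DWord
    return Get-SiteZone $Url
}

# Usage: compare where a (hypothetical) intranet app and the login endpoint sit, then align them.
Get-SiteZone 'https://intranet.contoso.example/'
Get-SiteZone 'https://login.microsoftonline.com/'     # $null here = still in the Internet zone
# Set-SiteZone 'https://login.microsoftonline.com/' -ZoneId 1   # put it in Local intranet with the app
```

If your intranet app reports zone 1 and your trusted-sites app reports zone 2, the warning printed by Set-SiteZone is exactly the problem described above: whichever zone you pick for “https://login.microsoftonline.com”, the application in the other zone is left broken.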

In every other browser you will not encounter any of these issues, as they don’t have this cookie sharing limitation.

I wonder if and when they will solve this issue, because the advice on the ADAL JS GitHub site to just disable “Protected Mode” for the “Internet” zone makes me shiver when I realize that these same people wrote this authentication library.