I stumbled upon something odd when I mistakenly typed my URL into the search bar instead of the address bar. It seems that when I click the link to login.microsoftonline.com from Google search results, I get redirected to sites like Australia's Department of Education and the University of South Australia. This only happens through Google searches, not when I enter the URL manually.
When this URL is clicked, Microsoft initiates a WS-Federation authentication flow with parameters like `wa=wsignin1.0`, `wtrealm=urn:federation:MicrosoftOnline`, and others in the request. These parameters are meant to manage the authentication context. Ideally, I'd expect the Microsoft login page to appear first, but instead, I'm getting redirected to ADFS endpoints like fs.det.nsw.edu.au or fed.unisa.edu.au right away.
Interestingly, search engines like Bing and Yahoo also fail mid-authentication, while Brave Search takes me correctly to the login page without a redirect. I'm confused about why this is happening, so I'm sharing my findings here in hopes of finding some answers.
5 Answers
I think it's more of an issue with Google's search results rather than something directly related to Microsoft or ADFS. It seems odd that Google's links would point to external ADFS sites when it's supposed to lead to Microsoft's login.
When I searched on Google, I got similar redirects to ADFS endpoints. The Google results even explicitly mention logging in with the Department's account, which seems like a problem with how search engines are indexing and interpreting the federation metadata. You'd think that Google should be aware of this and manage the results better.
Glad I'm not the only one who thinks it's strange!
The GUID in the URL after login.microsoftonline.com likely corresponds to their tenant. This could explain why the redirects are happening, especially considering the number of users from educational institutions.
You're right! It must mess up the SEO results drastically, especially with so many educational users doing searches.
You might want to check out the ADFS or EntraID communities for insights. I suspect different search engines are interpreting the federation metadata files inconsistently, leading to this redirect issue.
I didn't realize those communities existed! I might just crosspost this.
I replicated the issue too! The first search result directly points to the fs.det.nsw.edu.au domain instead of the standard Microsoft page. It looks like Google’s indexing is pulling ADFS links over the correct Microsoft sign-in page for some reason.
Yeah, it seems to be a Google quirk rather than a Microsoft problem.
But Microsoft handles the login after you click the link, right? So if it's redirecting to ADFS, doesn't that imply an issue on Microsoft's side instead?