We have implemented SSO (Single Sign-On) for a group of websites with different domain names using passive federated identity (C#, ASP.Net MVC 3, WIF). The setup works fine, as it follows standard passive federation with the login page hosted on the STS.
www.brand1.com
www.brand2.com
...
www.sts.com (login page hosted here)
Now the client wants the login pages to be implemented on each relying party so that the user does not get redirected to the STS. The reason is that each relying party is a known brand, so redirecting to a different domain name (the one hosting the STS) is not acceptable for the respective brand. Customizing login pages on the STS for each brand is not acceptable either.
Is there a way to move login pages to relying parties?
There are two routes you could go with this:
Hopefully this helps.