ADAL js does not work in IE when acquiring token f

Published 2019-07-21 03:12

Question:

I submitted a bug for the ADAL js project (https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/102) but would like to check with the community - maybe someone has insight on why it is so. The title pretty much says it all: ADAL js does not work in IE when acquiring a token for a remote endpoint when the website URL is added to "Trusted Sites". I created two test webapps: a webapp and a webapi, and published them to Azure websites. These samples are based on https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/102. WebApp: https://sergtestapp2.azurewebsites.net/#/Home, WebAPI: https://sergtestapi.azurewebsites.net. Anyone can try these apps out as long as you have a Microsoft account, because this app is multitenant. Once this question is answered I will wipe them out.

Pretty simple: navigate to the WebApp and click login. ADAL js will handle the auth part and redirect to the MS login page. Log in -> navigate to "Go To List" and add a couple of items. Now, if you open IE or Chrome, both "Go To List" pages should show the same items in the list. But if you add the webapp to IE's "Trusted Sites", you can no longer "see/add to" the list in IE. Chrome would still work.

Answer 1:

I can reproduce the same issue with IE 11 (Local intranet or Trusted sites). If you cannot remove your website from the trusted or intranet lists, you can add https://login.microsoftonline.com (or your tenant login page) to your Trusted sites list. I solved the problem this way for now...



Answer 2:

There is no solution within the library. Maybe it is possible to solve it with some sort of "proxy". I have two possible solutions which may or may not work; more exploration is needed.

  1. Solution attempt: a) ADAL js redirects to the application URL (which is trusted) instead of the Azure AD login. b) The application then requests the application token by redirecting the user to the Azure AD login by request code. c) The user inputs their credentials. d) The user submits. e) The application processes the submit and returns the bearer token in a cookie (need to check if this is the right way). f) ADAL js then gets this token as if it came from the Azure AD login.

  2. Solution attempt: a) ADAL js opens a new window and listens for a postMessage. c-d) Same as 1. e) The application processes the submit and returns JavaScript that executes postMessage with the bearer token. f) ADAL js saves this token.