
How to determine which AAD application was launched (requested) by a user when AAD redirects him to a custom IdP sign-in page via a SAML2 SSO request


Hi,

I have a requirement: if a user launches some application registered in Azure Active Directory, I need to redirect him to my custom Identity Provider sign-in page based on the user's email domain, so I successfully configured all this stuff.

So in detail, what I did:

I created an Azure Active Directory tenant, created a verified domain (for example: test.com) and configured it as Federated with an SSO endpoint, so that when a user tries to pass authentication via the Azure Active Directory sign-in page, AAD will redirect the user to my custom Identity Provider sign-in page with a SAML2 request.

My question is:

When a user launches some application that is registered in Azure Active Directory, the user is navigated to the AAD sign-in page, then he inputs his username, which contains the email domain that was configured as Federated; for example, the user inputs the following username: user1@test.com. Then AAD redirects that user with a SAML2 request to the custom Identity Provider sign-in page. This works,

but HOW can I detect (know, determine) which application was requested by a user? I am confused because in the AAD SAML2 request the IssuerName is always urn:federation:MicrosoftOnline for all applications registered in AAD?

Here is the AAD raw SAML2 request with RelayState:

samlRequest=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%2BPC9zYW1scDpBdXRoblJlcXVlc3Q%2B&relayState=A21*KNdS39OP0LfGlt2ufcfKAYKJ

AAD deserialized SAML2 request:

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_7171b0b2-19f2-4ba2-8f94-24b5e56b7f1e" IssueInstant="2014-01-30T16:18:35Z" Version="2.0" AssertionConsumerServiceIndex="0" ><saml:Issuer>urn:federation:MicrosoftOnline</saml:Issuer><samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/></samlp:AuthnRequest>

Maybe there is some AAD API which, given the SAML2 request ID, could return the requested application (Application Resource ID)?

Regards,

Alexander Semichev
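As an added example (not code from the original post, and not a Microsoft API), here is how a federated IdP endpoint can decode the HTTP-Redirect binding request quoted above and inspect exactly what it carries: the encoded sample is reconstructed in code from the XML in the post, the lowercase parameter names (samlRequest, relayState) follow the post, and the result shows that the Issuer is the tenant-level federation entity rather than the application.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample input: the AuthnRequest quoted in the post.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_7171b0b2-19f2-4ba2-8f94-24b5e56b7f1e" IssueInstant="2014-01-30T16:18:35Z" '
    'Version="2.0" AssertionConsumerServiceIndex="0">'
    '<saml:Issuer>urn:federation:MicrosoftOnline</saml:Issuer>'
    '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>'
    '</samlp:AuthnRequest>'
)
SAMPLE_RELAY_STATE = "A21*KNdS39OP0LfGlt2ufcfKAYKJ"  # opaque value from the post


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(raw).decode("ascii"), safe="")


def build_sample_query() -> str:
    """Assemble a query string shaped like the one AAD sent in the post."""
    return (f"samlRequest={encode_redirect_binding(SAMPLE_AUTHN_REQUEST)}"
            f"&relayState={urllib.parse.quote(SAMPLE_RELAY_STATE, safe='')}")


def decode_redirect_binding(query_string: str) -> dict:
    """Decode the request and return the fields an IdP can actually read from it."""
    params = urllib.parse.parse_qs(query_string)  # also undoes %-encoding
    encoded = (params.get("samlRequest") or params.get("SAMLRequest"))[0]
    xml_bytes = zlib.decompress(base64.b64decode(encoded), -15)  # -15 = raw DEFLATE
    # xml.etree is fine for this constructed sample; parse untrusted SAML with defusedxml.
    root = ET.fromstring(xml_bytes)
    return {
        "id": root.get("ID"),
        "issue_instant": root.get("IssueInstant"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "nameid_format": root.find(f"{{{SAMLP}}}NameIDPolicy").get("Format"),
        "relay_state": (params.get("relayState") or params.get("RelayState") or [None])[0],
    }


if __name__ == "__main__":
    print(decode_redirect_binding(build_sample_query()))
```

Nothing in the decoded fields identifies the launched application, which is the root of the question: the Issuer names the federation endpoint for the whole tenant and RelayState is opaque to the IdP.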
