Microsoft Azure MSAL Authentication

Wed, Nov 15 2023 10:35 AM

Eivind

Gents,

I have been asked to look into a single sign-on architecture for my apps for a company I work for. Meaning, a user authenticates and has access to all the company's apps without having to log in to all of them. They are using Microsoft Azure's MSAL authentication. So, once they land on my app, they should be redirected to a Microsoft login page. Upon successful login, they return to my app and continue. If they log in to another app and then switch to mine, then no login and direct access.

Has anyone used this before? Can this be done through JavaScript, or should my Delphi ISAPI DLLs handle all this?

Not really sure how to attack this so any help is appreciated.

Br
Eivind
Wed, Nov 15 2023 6:14 PM

erickengelke


Eivind wrote:
> I have been asked to look into a single sign-on architecture for my apps for a company I work for.

I have done this for many apps.

The trick for me was to leverage Apache + the Mellon driver, which talks to ADFS. ADFS / MSAL are related; I can't help you there because that's outside my range.

Once you have Apache talking, you can set up a virtual link to any web server (Windows, Linux, etc.) on the same machine or elsewhere using a virtual path.

The redirection is automatic. They do not get to your web site (generally) until they have logged in to ADFS, and then you know anyone connected is who the local Apache $_SERVER["MELLON_samaccountname"] field says they are.

From there I make a JWT token (jwt.org) which I can pass to my client application in a cookie, and that tells your code, in a trustworthy way, who is connected.

Or if my server is PHP based, it can query that $_SERVER variable directly from PHP.



> Meaning, a user authenticate and have access to all the companies apps without having to login to all of them.

Exactly, that's exactly how it works.

> If they login to another app and then switch to mine, then no login and direct access.

Exactly, it's all handled by the Mellon driver to redirect to MS ADFS and then back to you.


> Has anyone used this before? Can this be done through Javascript or should my Delphi ISAPI dll's handle all this?

It's really challenging. Getting Apache working was hard the first time, then the rest fell into place.

You can contact me for more info.

Erick
EWB Programming Books and Nice Component Library
See my EWB BLOG posts, at:
http://www.erickengelke.com
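The step Erick describes after Apache/Mellon has done the login (take the account name Apache puts in `MELLON_samaccountname`, mint a JWT from it, hand it to the client in a cookie, and trust that cookie on later requests) is shown below as an added example. It is not code from the thread or from Elevate Web Builder; Erick's own setup is PHP, and this is a stand-alone Python version using only the standard library. The Apache environment is stood in for by a plain dict, the signing secret and the `my-app` issuer value are hypothetical, and the token lifetime is an arbitrary choice. The `MELLON_samaccountname` value is trustworthy only because Apache sets it after mod_auth_mellon has completed the ADFS exchange; if the application runs on another server reached through the Apache virtual path, Apache has to forward that value as a request header and strip any copy of that header arriving from the client, otherwise the downstream app cannot tell the two apart.

```python
"""Mint and verify an HS256 session JWT from the identity supplied by Apache/mod_auth_mellon.

Added example, not from the forum thread. Assumptions (hypothetical, not from the post):
  - Apache has already authenticated the user and exposed MELLON_samaccountname in the
    request environment; `environ` below is a plain dict standing in for $_SERVER.
  - SECRET is a server-side signing key loaded from configuration in a real deployment.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"hypothetical-long-random-secret-change-me"  # hypothetical placeholder value
TOKEN_TTL_SECONDS = 8 * 3600                           # arbitrary lifetime for the example
ISSUER = "my-app"                                      # hypothetical issuer name


def _b64url(data: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Inverse of _b64url; restores the padding the encoder stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(environ: dict, now=None) -> str:
    """Build a signed token from the Mellon-supplied account name.

    Refuses to mint anything when the identity is absent: that means Apache did not
    authenticate this request, so no session should be created.
    """
    sam = environ.get("MELLON_samaccountname")
    if not sam:
        raise PermissionError("no MELLON_samaccountname: request was not authenticated by Apache")
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sam, "iss": ISSUER, "iat": now, "exp": now + TOKEN_TTL_SECONDS}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = _b64url(compact(header)) + "." + _b64url(compact(payload))
    signature = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(signature)


def verify_jwt(token: str, now=None) -> dict:
    """Return the payload if the signature, algorithm, issuer and expiry all check out.

    Raises ValueError otherwise. The alg pin rejects tokens claiming 'none' or an
    asymmetric algorithm, so the HMAC secret is the only thing that can validate a token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):   # constant-time compare
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p_b64))
    now = int(time.time()) if now is None else now
    if payload.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if payload.get("exp", 0) <= now:
        raise ValueError("expired")
    return payload


def is_valid_session(token: str, now=None) -> bool:
    """Boolean wrapper around verify_jwt for request handlers that only need yes/no."""
    try:
        verify_jwt(token, now)
        return True
    except ValueError:
        return False


def session_cookie(token: str) -> str:
    """Set-Cookie value: HttpOnly keeps page scripts from reading the token, Secure keeps it
    off plain HTTP, SameSite=Lax stops most cross-site requests from carrying it."""
    return (f"session={token}; Path=/; HttpOnly; Secure; SameSite=Lax; "
            f"Max-Age={TOKEN_TTL_SECONDS}")


if __name__ == "__main__":
    # Constructed stand-in for the Apache environment after a Mellon login.
    environ = {"MELLON_samaccountname": "jdoe"}
    tok = mint_jwt(environ)
    print("Set-Cookie:", session_cookie(tok))
    print("verified subject:", verify_jwt(tok)["sub"])
```

On a later request the handler reads the `session` cookie, calls `verify_jwt`, and uses `sub` as the connected user; a JavaScript front end never needs to see the token because the cookie is `HttpOnly`, which answers the JavaScript-versus-server question for this part of the flow.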