Microsoft Azure MSAL Authentication |
Wed, Nov 15 2023 10:35 AM | Permanent Link |
Eivind | Gents,

I have been asked to look into a single sign-on architecture for my apps for a company I work for. Meaning, a user authenticates and has access to all the company's apps without having to log in to all of them. They are using Microsoft Azure's MSAL authentication. So, once landing on my app, they should be redirected to a Microsoft login page. Upon successful login, return to my app and continue. If they log in to another app and then switch to mine, then no login and direct access.

Has anyone used this before? Can this be done through JavaScript or should my Delphi ISAPI DLLs handle all this? Not really sure how to attack this so any help is appreciated.

Br
Eivind |
Wed, Nov 15 2023 6:14 PM | Permanent Link |
erickengelke | Eivind wrote:

> have been asked to look into a single sign-on architecture for my apps for a company I work for.

I have done this for many apps. The trick for me was to leverage Apache + Mellon driver, which talks to ADFS. ADFS / MSAL are related, I can't help you there because that's outside my range.

Once you have Apache talking, you can set up a virtual link to any web server (Windows, Linux, etc.) on the same machine or elsewhere using a virtual path.

The redirection is automatic. They do not get to your web site (generally) until they have logged in with ADFS, and then you know anyone connected is who it says they are in the local Apache $_SERVER["MELLON_samaccountname"] field.

From there I make a JWT token (jwt.org) which I can pass to my client application in a cookie, and that tells your code, in a trustworthy way, who is connected. Or if my server is PHP based, it can query that $_SERVER variable directly from PHP.

> Meaning, a user authenticate and have access to all the company's apps without having to login to all of them.

Exactly, that's exactly how it works.

> If they login to another app and then switch to mine, then no login and direct access.

Exactly, it's all handled by the Mellon driver to redirect to MS ADFS and then back to you.

> Has anyone used this before? Can this be done through Javascript or should my Delphi ISAPI dll's handle all this?

It's really challenging. Getting Apache working was hard the first time, then the rest fell into place.

You can contact me for more info.

Erick
EWB Programming Books and Nice Component Library
See my EWB BLOG posts, at: http://www.erickengelke.com |
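The step described in the reply above, turning the user name asserted by Mellon into a JWT for the client, shown as an added example that is not part of the thread or any poster's code: it mints an HS256 token from `MELLON_samaccountname` and verifies it with a pinned algorithm, a constant-time signature check and an expiry check. The key, the five-minute lifetime, the claim names and the `jdoe` identity are assumptions, and Python stands in for whatever language the server side runs.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); load the real one from a secret store.
SECRET = b"constructed-demo-key-not-for-production"

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def mint_token(environ, ttl=300, now=None):
    """Build a short-lived JWT from the identity Mellon put in the request environment."""
    user = environ.get("MELLON_samaccountname")
    if not user:
        raise PermissionError("no Mellon identity on this request")
    issued = int(time.time() if now is None else now)
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url_encode(json.dumps({"sub": user, "iat": issued, "exp": issued + ttl}).encode())
    return f"{header}.{claims}.{b64url_encode(sign(header + '.' + claims))}"

def verify_token(token, now=None):
    """Return the user name, or raise ValueError if the token must be rejected."""
    try:
        header, claims, sig = token.split(".")
        alg = json.loads(b64url_decode(header)).get("alg")
        given = b64url_decode(sig)
    except (ValueError, AttributeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never accept the header's own choice
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sign(header + "." + claims), given):
        raise ValueError("bad signature")
    body = json.loads(b64url_decode(claims))
    if (time.time() if now is None else now) >= body["exp"]:
        raise ValueError("token expired")
    return body["sub"]

if __name__ == "__main__":
    token = mint_token({"MELLON_samaccountname": "jdoe"})  # constructed sample identity
    print(verify_token(token))
```

If the token travels in a cookie, setting the `Secure` and `HttpOnly` attributes keeps it off plain HTTP and out of reach of page scripts.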