Reputation: 13207
ADFS SSO in UWP App
I am facing a hopefully simple problem:
I need to create a wrapper app that contains a WebViewer control and should display a page in Azure portal.
I am developing the app in VS 2017 on a virtual machine which belongs to the domain 'DEV'. I would like to achieve that if a user from 'PROD' domain starts the app on their computer in the 'PROD' domain, they will be authenticated to AAD/Office 365 via SSO and can view the page in Azure (not a site in azurewebsites.net, but a site that needs you to be authenticated - i.e. portal.azure.com!).
I was not yet able to test the app on 'PROD' domain, but according to the answer below it would work, wouldn't it?
https://stackoverflow.com/a/9593258
If not can I go through the steps in the white paper mentioned and SSO the user manually (chapter 5.3, I assume)?
EDIT
Took me while, but here it is - I got SSO working, sort of...
In the end it seems that using a WebViewer control allows SSO but it still requires you to at least once enter your user name ([email protected], for example) but you don't need a password. This might not be an optimal solution, nevertheless it is OK.
Thank you Wayne Yang for your support.
Upvotes: 1
Views: 218
Answers (1)
Reputation: 9411
For your sceanrio, the user can SSO in PROD domain if the device has AAD joined. But this should SSO to the joined AAD tenant. I also assume that you want to SSO to Azure portal with the ADFS. So, it also needs integrate ADFS with the AAD.
Why?
First, if your application try to sign in Azure portal via pop-up a broswer, and it needs SSO. AAD join can achieve this. If a device joined AAD, it will obtain a refresh token to your device. For windows 10 , IE and Edge can use the refresh token to SSO AAD endpoint.
Second, If you want to use ADFS, you must integrate ADFS with Azure AD. In this way, AAD authentication endpoint will redirect to your ADFS to approach SSO with your local domain.
Reference:
How to configure hybrid Azure Active Directory joined devices
Federate multiple instances of Azure AD with single instance of AD FS
Azure AD Connect and federation
Hope this helps!
Upvotes: 1
Related Questions
- Implementing Azure ADFS in Web Forms Application
- Web application authenticating ADFS connected to Azure AD with the OAuth 2.0 authorization flow
- Setting up ADFS for a Web App
- asp.net web application adfs authentication of client intranet in azure cloud without azure AD
- SSO with Azure ADFS and OWIN
- SSO via ADFS for Office 365 (SharePoint Online)
- Connecting ADFS to Windows Azure Active Directory
- Office 365 Single Sign On
- Authenticate to Office 365 from local ASP.net application
- Single sign on between ASP.NET app and Office365 with on-premise ADFS STS