Which library do we have to use for integrating Azure AD in an iOS app - ADAL/MSAL ? Is MSAL an advanced version of ADAL with support for personal accounts also? Which one supports SAML 2.0 protocol ?
MSAL works with the AzureAD V2 endpoint, whereas ADAL works with the AzureAD V1 endpoint. You can find the difference here. Yes, MSAL allows personal accounts to sign in.
If you're migrating or updating an application that relies on SAML, you can't use Microsoft identity platform(MSAL). Instead, refer to the Azure AD v1.0 guide.
Related
Is it possible to use a generic OAuth 2.0 implementation for both Azure AD authentication and Google cloud OAuth?
msal.js is available for Microsoft Azure AD integration. Is there a common library that can be used to support both Azure AD authentication and Google authentication. Once both authentication providers are supported, user will be able to pick and choose a login. Is this possible?
We are developing the azure B2B Application to invite and access our Asp.net application that is hosted in the Azure. I checked the example https://github.com/Azure/active-directory-dotnet-graphapi-b2bportal-web which uses the ADAL for most of the operation. In the example from the above link, the MS Graph using an access token generated from the ADAL, but Microsoft recommends using the MSAL.
My question is Which one we have to use the for MS Graph in the ASP.net Application either ADAL or MSAL.
Both of them can help in handling Ms Graph, but MSAL provides multiple benefits over ADAL including incremental consent, richer single sign-on experiences, support for personal Microsoft accounts, use of standards-based protocols and so on.
Also, MSAL has good examples available for Ms Graph and easily implemented.
I agree with Hari above. Both MSAL/ADAL capable of working with MS Graph. But here's the key differences:
Active Directory Authentication Library (ADAL) integrates with the Azure AD for developers (v1.0) endpoint, where MSAL integrates with the Microsoft identity platform (v2.0) endpoint.
The v1.0 endpoint supports work accounts, but not personal accounts. The v2.0 endpoint is the unification of Microsoft personal accounts and work accounts into a single authentication system. With MSAL you can also get authentications for Azure AD B2C as well.
So MSAL enables developers to acquire tokens from the Microsoft identity platform endpoint in order to access secured web APIs. These web APIs can be the Microsoft Graph, other Microsoft APIs, third-party web APIs, or your own web API. MSAL is available for .NET, JavaScript, Android, and iOS, which support many different application architectures and platforms.
Hope this helps.
I am trying to handle authentication for my app which uses Microsoft Graph.
What is the difference between these two libraries?
Active Directory Authentication Library for JavaScript (ADAL.js)
Microsoft Authentication Library for JavaScript (MSAL.js)
Is ADAL.js just an Angular 1 library of MSAL.js?
MSAL.js works with the AzureAD V2 endpoint, whereas ADAL.js works with the AzureAD V1 endpoint. The V1 endpoint supports work accounts, but not personal accounts. The V2.0 endpoint is the unification of Microsoft personal accounts and work accounts into a single authentication system. Finally, with msal.js you can also get authentications for Azure AD B2C.
We have requirement to configure Azure AD as a 3rd party key manager in WSO2 API gateway 2.1.0. Is there any reference available for the key manager client implementation with azure AD?
The scenario is that a mobile app will use Azure AD for authentication. Azure AD returns a token. Mobile app uses this token for API invocation via WSO2 API gateway. As per my understanding, this can be handled by configuring Azure AD as key manager in WSO2 API mananger.
Any help in this regard is much appreciated.
Based on my understanding, the WOS2 API Manager used Key Manager to handle all clients, security and access token-related operations.
To integrate WOS2 API Manager with Azure AD, we need to implement the Key Manager ourselves. Then we can follow this document to configure the Third-Party Key Manager.
See the WSO2 default Key Manager implementation for a sample Key Manager implementation.
And here is the helpful documents about integrating application with Azure AD:
Integrating applications with Azure Active Directory
Right now, I have a native azure app that my iOS app uses ADAL to authenticate to with no issues. I've added a Web API in azure and it's being managed by the Azure API Management resource. I have this API using an oAuth server that uses Azure AD for authentication (all created within the Azure API Management).
The issue I'm having is the oAuth token I'm receiving from my iOS App is not being accepted by my Web API. They are both using oAuth to the same Azure Active Directory. I tried changing in my iOS app, to use the Web API app client ID instead of the native app client ID. The issue then becomes during authentication, it needs a "client_secret" in the request. Looking at the ADAL iOS library, I'm not seeing a method to get a token that passes in a client secret as a parameter.
Scroll down to the Keys section, you will see the key as the client secret. They are used for calling the web api.
These two methods of authenticating the applications are referred to as interactive (user signs in) and non-interactive (app provides its own credentials). In the non-interactive mode, you must assign the service principal to a role with the correct permission. About the AAD authentication's more information, you could refer to: https://azure.microsoft.com/en-gb/documentation/articles/resource-group-create-service-principal-portal/