There are Wi-Fi networks that use a captive portal to authenticate. Sometimes it just doesn't open the browser and doesn't request authentication. Is there any option to force it? Clear some kind of cache?
Thanks
Related
Can we achieve this: if a user logs in to the iOS app through MSAL in Azure and is authenticated, and I then open a web app in Safari on the device, it should automatically sign in, and vice versa: if I do SSO in the web app, then the iOS app is logged in?
Yes, we can achieve this for SSO and the web app in Azure by using silent SSO between multiple apps.
This type of SSO works between multiple apps distributed by the same Apple Developer. It provides silent SSO (that is, the user isn't prompted for credentials) by reading refresh tokens written by other apps from the keychain, and exchanging them for access tokens silently.
Microsoft provides apps, called brokers, that enable SSO between applications from different vendors as long as the mobile device is registered with Azure Active Directory (AAD). This type of SSO requires a broker application be installed on the user's device.
SSO between MSAL and Safari
For silent SSO between multiple apps, ensure the following points:
Ensure that all your applications use the same Client ID or Application ID.
Ensure that all of your applications share the same signing certificate from Apple so that you can share keychains.
Request the same keychain entitlement for each of your applications.
Tell the MSAL SDKs about the shared keychain you want us to use if it's different from the default one.
Here is the detailed information about SSO for iOS and macOS.
We have an App A and we use SAML for login. The requirement is to share the same SAML session with other vendors' apps from our App A. Not sure how to achieve it. Any pointers will be of great help. Please let me know if the question is not proper.
Thank you in advance.
Prabhakar.
Sounds like a typical use case for SAML SSO.
Today, as you say you are using SAML as login, I guess you have a SAML Identity Provider that App A sends the user to for authentication.
What you need to do is to set up the vendor apps to use that same IdP to also authenticate users with. If the user is already authenticated in another app, the user will not need to sign in again and will be sent back to the requesting app immediately without needing to authenticate.
I have an app where earlier there was only AD login, which we authenticated directly via our own server API as middleware. Now, after implementing ADFS on the server, we are getting the ADFS login page, which we would like to bypass in order to maintain the workflow.
Basically we want to connect to Office 365 data via our own server and feed it to our app.
Does anyone know if it is even feasible to bypass that login page? ADFS v3.0
ADFS has two flows; passive (browser) and active (WCF).
You can bypass the login screen on passive by setting up the browser to do IWA.
Active will give you the flow you want, i.e. authentication via a service.
I'm trying to set up authentication for a webapp using Auth0 and a Google Enterprise connection.
The application needs to be able to access the user's profile, contacts, and Gmail.
When I tried this using a Social connection in Auth0, I configured it to ask for Contacts and Gmail permissions. The consent then shows up as expected:
Configuration using Social Google Connection in Auth0
But when I try the same thing using an Enterprise Connection in Auth0, the Contacts and Gmail permissions are not available. And so, the consent screen won't ask for them either:
Configuration using Enterprise Google Connection in Auth0
What am I missing here? How do I set up authentication so that it
only allows in users from my Google Apps directory,
but also: requests the correct permissions for those users?
You should use connection_scopes in Lock or connection_scope in Auth0JS or the /authorize call to pass on any scopes you want to request to the Identity Provider.
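One way to apply the answer above through the /authorize call, as an added example that is not part of the original answer or Auth0's own code. The tenant domain, client ID, redirect URI and connection name are hypothetical placeholders, the scope allowlist is an assumption about what this app needs, and joining multiple scopes with a comma is an assumption about the expected `connection_scope` format.

```javascript
// Added example: build an Auth0 /authorize URL that forwards extra scopes
// to the upstream Google connection through the connection_scope parameter.
const { randomBytes } = require('node:crypto');

// Assumption: the only Google API scopes this app is allowed to request
// (read-only contacts and Gmail, kept minimal for least privilege).
const ALLOWED_IDP_SCOPES = new Set([
  'https://www.googleapis.com/auth/contacts.readonly',
  'https://www.googleapis.com/auth/gmail.readonly',
]);

function buildAuthorizeUrl({ domain, clientId, redirectUri, connection, idpScopes }) {
  // Refuse anything outside the allowlist so a code change cannot silently
  // widen what the consent screen asks users to grant.
  for (const scope of idpScopes) {
    if (!ALLOWED_IDP_SCOPES.has(scope)) {
      throw new Error(`IdP scope not allowlisted: ${scope}`);
    }
  }
  // Unpredictable state value; the caller stores it and compares it on the
  // callback to reject forged authorization responses.
  const state = randomBytes(16).toString('hex');
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: 'openid profile email',          // scopes for Auth0 itself
    connection,                             // pin login to the enterprise connection
    connection_scope: idpScopes.join(','),  // scopes passed on to Google (separator assumed)
    state,
  }).toString();
  return { url: url.toString(), state };
}
```

Pinning `connection` to the enterprise connection keeps the directory restriction from the question, while `connection_scope` carries the Contacts and Gmail permissions that connection does not offer in its settings.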
Can I authenticate a user using ADAL for iOS (https://github.com/AzureAD/azure-activedirectory-library-for-objc) without a webview being popped up? Is there some API to which I can provide username/password and it returns me an auth token without the user typing credentials?
You could try using the broker mode.
Check this link --> https://github.com/AzureAD/azure-activedirectory-library-for-objc#brokered-authentication
With the broker mode, the user will be prompted to authenticate using the Microsoft Authenticator app.
No. ADAL on mobile platforms does not provide mechanisms for using raw username and password directly. Once you have performed the interactive authentication (and consent, MFA or anything else your Azure AD settings require) you'll be able to function for a long time without prompting again, but that first step requires an experience that offers the opportunity to inject those extra steps. Also, this makes it possible to never disclose credentials directly to the app.