SSO in Android using system browser approach not working
Description: As given in the documentation, we have tried configuring SSO using the system browser option, but it seems it's not working. Can you please suggest what I am missing?
```csharp
App.PCA = PublicClientApplicationBuilder.Create(B2CConstants.ClientID)
    .WithRedirectUri($"msal{B2CConstants.ClientID}://auth")
    .WithIosKeychainSecurityGroup("com.microsoft.adalcache")
    .WithParentActivityOrWindow(() => App.ParentWindow)
    .WithAuthority(new Uri(B2CConstants.Authority))
    .Build();

// Pick the cached account for the sign-up/sign-in policy, then sign in via the system browser.
IEnumerable<IAccount> accounts = await App.PCA.GetAccountsAsync();
IAccount account = LoginHelper.GetUserByPolicy(accounts, B2CConstants.PolicySignUpSignIn);

AuthResult = await App.PCA.AcquireTokenInteractive(B2CConstants.Scopes)
    .WithAccount(account)
    .WithUseEmbeddedWebView(false)
    .WithParentActivityOrWindow(App.ParentWindow)
    .ExecuteAsync();
```
By default, MSAL is supposed to use the system browser and share cookies for SSO. I have built 2 apps with the same values, but SSO doesn't seem to work. Please help me in this regard.
Devices:
- Android Version: API 27, 28
- Using Xamarin MSAL. Version : 4.13.0
Steps to reproduce the behavior:
- Create two different apps with same MSAL configurations.
- Use default settings when creating the PCA object. As per the documentation, by default MSAL sets the authentication agent to 'system browser'.
- Login to one application.
- Try to log in to the other application. Ideally it should auto-login the user if we use silent login, but as the token is null, the user has to log in again. SSO doesn't seem to work.
- SSO settings are enabled on Azure.
Expected behavior: The system browser authentication agent SSO approach is expected to work as per the documentation.
Actual behavior: SSO with the system browser option is not working.
References:
- https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-web-browsers
- https://developer.microsoft.com/en-us/identity/blogs/microsoft-authentication-libraries-for-android-ios-and-macos-are-now-generally-available/
- https://docs.microsoft.com/en-us/azure/active-directory/develop/authorization-agents
Issue analytics: created 3 years ago; 11 comments (4 by maintainers).
Top GitHub Comments
TLDR; I believe that if you use the standard pattern of
You will provide the best user experience.
There are 2 levels of SSO that you can achieve. One is controlled by the SDK and one is controlled by the service itself.
The SDK maintains a cache of all the tokens. AcquireTokenSilent is used to retrieve tokens from this cache. Tokens from one application CANNOT be used for another application, and AcquireTokenSilent will fail. Moreover, the token cache on Android is stored in shared preferences and this location isn't even accessible by different apps. So SSO between apps via the SDK is not possible, except through the use of a broker (Authenticator or Company Portal).
AAD is responsible for the content of the browser, including session cookies. When you use the system browser, via AcquireTokenInteractive, it remembers previously logged-in users. This is the SSO that you are trying to get, I believe.
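The two SSO levels described above, as an added example that is not code from the issue or from the MSAL project: the silent call only ever hits this app's own cache, so in a second app it fails and the code falls back to an interactive call in the system browser, where the B2C session cookie lets the user continue without re-entering credentials. `SsoLoginHelper`, `ClientId`, `Authority` and `Scopes` are placeholders, and the policy filter on the account's `HomeAccountId` is an assumption about how B2C accounts are tagged.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Hypothetical helper showing cache-level (per app) vs. browser-level (cross app) SSO.
public static class SsoLoginHelper
{
    // Placeholder registration values; replace with the app's own.
    const string ClientId = "<client-id>";
    const string Authority = "https://<tenant>.b2clogin.com/tfp/<tenant>.onmicrosoft.com/B2C_1_SignUpSignIn";
    const string Policy = "B2C_1_SignUpSignIn";
    static readonly string[] Scopes = { "https://<tenant>.onmicrosoft.com/<api>/read" };

    public static IPublicClientApplication Pca { get; } = PublicClientApplicationBuilder
        .Create(ClientId)
        .WithAuthority(new Uri(Authority))
        .WithRedirectUri($"msal{ClientId}://auth")
        .Build();

    // Assumption: B2C home account ids end with the lower-cased policy name.
    static IAccount AccountForPolicy(IEnumerable<IAccount> accounts) =>
        accounts.FirstOrDefault(a =>
            a.HomeAccountId.ObjectId.Split('.')[0].EndsWith(Policy.ToLowerInvariant()));

    public static async Task<AuthenticationResult> SignInAsync(object parentActivity)
    {
        IAccount account = AccountForPolicy(await Pca.GetAccountsAsync());

        // Level 1: this app's token cache (Android shared preferences, private to the app).
        // It never contains tokens acquired by a different app, so in a second app
        // this branch throws MsalUiRequiredException and we continue below.
        if (account != null)
        {
            try
            {
                return await Pca.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Cache miss or expired session: interactive sign-in is required.
            }
        }

        // Level 2: the system browser. The B2C session cookie lives in the browser,
        // so the tab opens briefly but the user is not asked for credentials again.
        return await Pca.AcquireTokenInteractive(Scopes)
            .WithAccount(account)
            .WithUseEmbeddedWebView(false)            // embedded web view would not share cookies
            .WithParentActivityOrWindow(parentActivity)
            .ExecuteAsync();
    }
}
```

Expect the second app to always take the interactive path on first run; the sign of working browser SSO is that the tab returns without a credential prompt, not that the silent call succeeds.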