We have a Java application running on Wildfly. We use the Redhat keycloak adapter to authenticate against Microsoft Azure via SAML2.
This works fine for users. For example, If a user opens the application
The keycloak saml2 adapter redirects the user to the Microsoft login page (https://login.microsoftonline.com/...) with the SAMLRequest.
The user can login with userid/password
And the user is redirected back to the wildfly app. The user is now authenticated in wildfly and a JSESSIONID is used for further requests as usual.
But how can I login programmatically? I have for example backend services which need to request data form the app. I already tried to implement a java RequestFilter but this works only until the point I get redirected to the Microsoft Login Page for users. This login page consists only of JavaScript (!) and I can not post my UserID/Password to get redirected back.
Does somebody knows how to do a Azure AD Login in java or with curl? Or is there any alternative URL for the Login not based on Javascript - maybe some Rest API?
I have an MVC site running on IIS 10. The IIS server and our users are all on the same domain. My question: is there a way for the MVC website to determine the domain user without having the login prompt appear when accessing the website? I turned on Windows Authentication - this causes the login prompt, but it does give me the domain user. The Allow Anonymous returns the IISUSR account. I'd like to access the domain user, but not have the login prompt appear. Thanks in advance.
Question: How can I custom brand my Azure AD application login page? (note: NOT my org's login page; see below)
I have a web application hosted in Azure where users can log in using accounts that are created and managed within the application. Since my application is used by many big organizations, I have added the capability for customers to also sign in using their account that's managed by their organization (single sign on). This was done using Azure Active Directory, which syncs the local AD accounts into Azure where cloud authentication occurs. Since this application is used by many organizations all with their own separate ADs, I created the Active Directory application within Azure as multi-tenanted. With all of this done, the new login process works perfectly, however, I can't figure out how to brand the Microsoft hosted application sign in page.
Please keep in mind the distinction between the application login page and the organization's tenant login page. There is ample documentation about how to brand the organization's tenant login page, but not the application login page. Consider the application flow to understand the difference:
User goes to my app's login page, and chooses "Login with your existing organization account".
The user is redirected to a Microsoft hosted login page for my application. At this point, Microsoft/Azure Ad only knows which application this is for; it doesn't yet know who is logging in or which tenant (organization) they belong to. This is the login page I need help branding (logo & page background).
After the user enters their email address (and even before they enter their password), the user is redirected to a different login page--the login page for the user's organization (i.e. their tenant). This page shows that organization's custom branding if it was setup. This is not the login page I wish to brand; it is my customer's responsibility to brand their org if they desire.
After the user enters their password on their organization's login page, the user submits the form. Azure then successfully authenticates them and redirects them back to my application where they are now authenticated as well.
NOTE: this should be possible as you can see Microsoft is doing it on all of their cloud apps as well (Office 365, Visual Studio, Azure Portal)
NOTE: this question was asked over 3 years ago, but only 1 misdirected answer was given, and Azure and Azure AD has changed drastically since then. See: Azure Active Directory Custom Branded login page dont work with third party application. Also, the Microsoft documentation only covers the branding of the tenant login page, not the application login page like I am seeking. See: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-add-company-branding.
What you observe is only possible for Microsoft owned applications.
The customers can only brand their organisation login page.
What you can do however, is to redirect the user to your org login page. Then the first thing the user will see is your company branding. After they enter their login name, they may see their custom org login page (if the organisation has customized the login experience).
If you such a feature (per app custom login page) is something worth looking at, you can create a feature request on the UserVoice site - http://mygreatwindowsazureidea.com/
Just as a note - per app custom login page is today only possible on Azure AD B2C via custom policy implementation.
I'm trying to implement SSO for Liferay and i want to use Simplesamlphp as an Identity provider and Liferay will be the Service Provider. I have redirected the sign In in Liferay to my Simplesamlphp site by adding auth.login.url=http://myloginappjcq.com in the portal-ext.properties file. But when i click on sign In it redirects to my website myloginappjcq.com. In my Website i have added a link to my Liferay site. There are links to other applications as well in my website which are built using PHP. When i click on these links the application will be authenticated with the username and password which was given during the time of login. But, When i click on the Liferay Link it is not authenticated and it shows the sign In Page again.
Is there a documentation which explains Liferay integration with SImplesamlphp.
Thanks
I have a scenario where I want to get the single sign on experience between SharePoint and another ASP.NET website. They are both on same domain and both using windows authentication. Both website have anonymous authentication turned off and windows authentication turned on. Can anyone please help for the following scenario?
User go to SharePoint 2010 website
Login to SharePoint by entering windows username and password to landing login page
SharePoint 2010 contains iframed webpart which go to another asp.net website on same domain (different port number)
User should be able to access the another asp.net website without login
My problem is during step 4 where user have to enter the windows credential again to login to asp.net website. How can I resolve this issue?
Thanks,
SJ
Windows authentication is not automatically passed between applications. Since you choose to iframe the other site you will need to separately login to it.
I find it a bit odd that your users dont get automatically logged in, but then you maybe dont have domain login on your computers.
However this can be automated a bit with impersonation, check this thread http://forums.asp.net/t/304484.aspx