Implement SSO using IdentityServer4 - single-sign-on

I was implement the Identity management server by help of the documentation.
I am running the following applications:
I run the Identity server
I run the API
I run the MVC client
My MVC client gets opened in a Chrome browser. After open I click on Login and provide username and password and click submit. I got successfully logged in and it redirects me to the home page.
The problem is, after I open open another Chrome window, then I try to open the MVC Client and it asks me again to login. How can I solve this?

If you are running the MVC client from the Visual Studio debugger, it creates a brand new browser session (no old cookies, application data etc.). As IdentityServer is keeping the logged user information in a cookie, by running your application like this, you are loosing this cookie, and this is why you are forced to re-login.
I recommend you to deploy your MVC client to a local IIS site and try again. You will see that no such issue occurs (as long as you are not opening the site in an incognito mode of course).

Related

Using AzureAD secured application as a Personal App can't show login.microsoftonline.com in iFrame - does work in Developer Mode

I've created a webapplication, hosted in an Azure App Service. The App Service is secured using Azure AD Authentication with login required.
When trying to load this page in a Personal App, the page tries to redirect to login.microsoftonline.com which is not able to show the page in an iFrame.
When switched to Developer preview the application is shown, passing the login using the currently signed in user.
Is there an ETA on enabling this behavior on the "non-developer preview" client?
Or is there another way to achieve this?
PS: I'm aware of the SSO javascript API, but this does require anonymous access to the application executing the JS calls. Unless I'm missing something? :)

Can a REST service be used by both active and passive clients?

I have a Silverlight application that calls a REST service. I want to enable single sign on with another website so I'm inclined to implement passive authentication. When the browser navigates to the XAP file, it will get redirected to the STS. After presenting credentials, the browser downloads the XAP file.
At this point the browser has 2 cookies: 1 identifying a session with the STS and 1 indicating a session with the RP that hosted the XAP file. All HTTP traffic generated by the Silverlight app goes through the browser so the STS session cookie is automatically included outgoing requests even though I don't have direct access to it. The other website trusts the same STS so it respects the existing STS session and everything's grand.
But now I want to implement an iOS client which will probably be active. Can this client consume the same REST services, and if so, how?

External SSO and Web Application running on TOMCAT 6.0

New to JAVA. I developed Web application(JSP) successfully delpoyed on TOMCAT 6.0. Now the client want to use external SSO to authenticate users. As of now when the users are authenticated the website is displayed with Login Page where the user has to login again.
I am using the Login.jsp to bring the user roles from the SQLDB for Website.
What I want to accomplish now is when User is authenticated login.jsp should retrieve the credentials from the SSO and display the website thus accomplishing the purpose of Single sign on process.
I read a lot from this forum and other websites but kinda lost in the process.
Any help would be appreciated.
thank you
We developed a Tomcat extension (valve) which does just that. Basically you use standard J2EE security (role-ref etc) in your app and our Tomcat valve then acts as a bridge between Tomcat and our SSO platform. You can find out more at www.cloudseal.com
Of course you may not want to use our SSO platform :-( but you can still use our Tomcat valve and modify it to fit your needs. It's released under an Apache 2 license and you can grab the source from Github

New session on every page view when running Facebook application in IFrame in IE and Azure

I am developing a Facebook application and I am using Facebook C# SDK v4.2.1 to help with authentication. I am building the application using ASP.NET MVC 2 and am hosting it in Windows Azure (SDK v1.2).
Everything has been running fine when I had my application in a full browser window, but now when I am attempting to IFrame it in Facebook, I run into session problems. The behavior is that a new session is created on every new page request so the user always comes back to the application's login page. I can see that that Facebook session is valid when Facebook redirects back to the application after authorization, but when I set some session variables and redirect to another page, the session is gone.
When I debug the application locally, both as a standalone web application and in the Development Fabric, everything works fine. It is only when it's published to Azure that I get the problems. I have tried to have a local debug environment that is very similar to production where I have the facebook application at apps.facebook.com/myappnamedev that points to localhost on a specific port.
I just now also discovered that I only see the problem in IE (I am using v.8). Firefox v3.6 and Safari v.5 works fine.
Any ideas to help my troubleshooting? I have spent 10 hours on it and it's getting really frustrating... I am happy to paste code/configuration info if needed, just let me know.
Thank you in advance!
// Peter
I solved this. The redirect from Facebook after authentication landed on different pages in my development environment compared when deployed to Azure. I moved my authentication logic to global.asax instead.

Facebook connect

I have an asp.net site and I use log in to facebook calling
http://www.facebook.com/login.php?api_key=API_KEY&connect_display=popup&v=1.0&next=http://localhost/site/login.aspx&cancel_url=http://www.facebook.com/connect/login_failure.html&fbconnect=true&return_session=true&skipcookie=true
Logs in very well, returns to my site, I see session parameter in url, but I can't catch any postback or something.
Could you help me, please?
Thank you
A couple of things to check:
Make sure that http://localhost/site (or whatever the url for the root of your app is) is set in your application's connect settings
If you're using the Visual Studio development studio development web server (Cassini), your app's url will include a port (for example, http://localhost:34256/site). This url (including the port) will need to be specified in your connect url in your application's settings on Facebook.