
I have a mailbox which has authentication with Azure AD Authentication. I am doing a POC with RoundCube where the authentication to log in to that mailbox should not be a user name and password. The application authentication will happen using Azure Active Directory, and the same auth token should be passed to RoundCube to authenticate to the mailbox while logging in to RoundCube.

Can you please point me to any solution for the same?

Many Thanks, Thirumalai M

Thirumalai
  • Hi Thirumalai, we are looking at your question, but are not sure what you are asking. It appears to me, at first glance, that you are inquiring about the [AAD Client Credential Flow](https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx). The other thing I think you could be asking about is the [Delegated User Identity with OAuth 2.0 On-Behalf-Of scenario](https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/#daemon-or-server-application-to-web-api). Can you clarify your question here, and let me know if either of these resources helped? – Shawn Tabrizi Jun 18 '15 at 19:30
  • Hi Shawn, Thanks for your reply. My requirement is: "I have a Web application that is secured via Azure Active Directory. We have synced all the users' AD data from on-premises to AAD. The employees access the mailbox via the AAD login page. We have the RoundCube open source application for mail operations in our application. Currently RoundCube accepts the mail ID and password through its login page again to see mails. We want to avoid the additional login and use the AD token acquired from the application and pass it to RoundCube to check mails." - how Gmail OAuth is working in Gmail with RoundCube. – Thirumalai Jun 19 '15 at 15:19

1 Answer

Based on your comment, I believe you are looking to implement an "on-behalf-of" scenario.

Please take a look at the following Sample we have on our GitHub: https://github.com/AzureADSamples/WebAPI-OnBehalfOf-DotNet

In this sample, a native client calls a web API, and then the web API calls another downstream web API after obtaining a token to act On Behalf Of the original user. The sample uses the Active Directory Authentication Library (ADAL) in the native client to obtain a token for the user to call the first web API, and also in the first web API to get a token to act on behalf of the user to call the second web API. Both flows use the OAuth 2.0 protocol to obtain the tokens.

Let me know if this sample helps you, or if you need additional clarification here.

Thanks, Shawn Tabrizi

Shawn Tabrizi
  • Hi Shawn, Thanks for the reply. I understand this example, and we are already using the same to authenticate two services and pass the OAuth token from one application to another. My query is a little different - "Acquire an AAD token and pass the same token to the Roundcube application to access the corporate mailbox". Currently the community provides a plugin for RoundCube for OAuth to Gmail to access the Gmail mailbox. In the same way, I want to access the corporate SMTP server using OAuth with the AAD token, as the corporate AD syncs the AD credentials. Please let me know if this is possible. – Thirumalai Jun 20 '15 at 09:17
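
An added example, not part of the original thread or of the linked sample: the token request a middle-tier API sends for the on-behalf-of exchange described in the answer, shown at the HTTP parameter level in Python rather than through ADAL. The tenant, URIs, credentials and sample token are constructed placeholders, and signature, issuer and expiry validation of the incoming token is assumed to have happened already.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed placeholders; none of these values come from the thread.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/contoso.example/oauth2/token"
MIDDLE_TIER_AUDIENCE = "https://contoso.example/middle-tier-api"
DOWNSTREAM_RESOURCE = "https://contoso.example/downstream-api"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(aud: str) -> str:
    """Build a constructed, JWT-shaped token (no real signature) for the demo."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"aud": aud, "upn": "user@contoso.example"}).encode())
    return f"{header}.{payload}.constructed-signature"


def token_claims(jwt: str) -> dict:
    """Decode the payload segment. Signature, issuer and expiry checks are
    assumed to have been done by the API's token-validation layer."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def build_obo_request(user_token: str, client_id: str, client_secret: str):
    """Return (url, form body) for the on-behalf-of token exchange."""
    # Only exchange tokens that were issued for this API; a token minted for
    # another audience must not be upgraded into downstream access.
    if token_claims(user_token).get("aud") != MIDDLE_TIER_AUDIENCE:
        raise PermissionError("token audience is not this API")
    form = {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "assertion": user_token,             # the caller's access token
        "requested_token_use": "on_behalf_of",
        "resource": DOWNSTREAM_RESOURCE,     # API the new token is for
        "client_id": client_id,              # the middle tier's own identity
        "client_secret": client_secret,
    }
    return TOKEN_ENDPOINT, urlencode(form)
```

The returned body is what gets POSTed as `application/x-www-form-urlencoded`; the downstream service must itself accept Azure AD bearer tokens for the exchanged token to be of any use.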