Our product is a hosted Web application which needs to be accessed by a client X using SSO. The client credentials are maintained on an Azure Cloud platform, and users are authenticated when they log in to their Windows PC. What is the best way for us to integrate our application on the client's Windows environment, so that all users are authenticated without logging in to our application? The client has pointed out that we could use ADAL but I'm not sure if that works as we do not have our own AD based or LDAP based user management platform. We currently store all the user management data in the DB.

I'm a newbie to this topic so any guidance is really appreciated.

javshak
  • Are there some Web APIs supplied by the hosted Web Application for accessing in client X? – Peter Pan Dec 16 '15 at 14:24
  • I'm afraid not. We just create an external URL for access; however, we do have an SSO Authentication Filter that looks for request based parameters. But that was for access from our own portal. – javshak Dec 16 '15 at 14:32
  • Do you want to use Windows Authentication to allow the client X to access the Web Application? Is the Web Application hosted on Azure? Is the client or Web App developed in Java? – Peter Pan Dec 16 '15 at 14:44
  • The web application is developed in Java & hosted on Tomcat. The client might access the hosted application from a link on their employee portal but I'm not certain this portal is Java based. My assumption is that since the users are already authenticated when they log in via Windows Live ID or something they need not be re-authenticated via a Web API call to the Azure Cloud when they access our web application. – javshak Dec 16 '15 at 14:52
  • Yes, the idea is similar to mine. So what details do you need help with? – Peter Pan Dec 16 '15 at 15:41
  • So in case we do not want to reauthenticate when the user clicks on our Web application URL, what's the best way to log him in via SSO? – javshak Dec 16 '15 at 15:45

1 Answer

Based on my understanding, the issue is that an authenticated user from a portal accesses a URL link of a Java Web Application working with SSO when the Java webapp and the portal are not identical.

Per my experience, I think you can try to use Azure AD Application Proxy to solve the issue. You can refer to the document https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-sso-using-kcd/#working-with-sso-when-on-premises-and-cloud-identities-are-not-identical to learn about the application scenario of Application Proxy.

You can try to follow the steps below to implement this. As references, there are some documents that explain how to do each step.

  1. Enable the Azure AD Application Proxy on Azure Portal, and install & register the proxy connector for your application. Please refer to the doc https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-enable/ for more details.
  2. Publish your application using Application Proxy. Please follow the wizard steps of the doc https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-publish/.
  3. Enable SSO for your application and the portal. Please review the section "Working with SSO when on-premises and cloud identities are not identical" of https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-sso-using-kcd/#working-with-sso-when-on-premises-and-cloud-identities-are-not-identical.

If you encounter an issue while implementing the plan, you can first refer to the doc https://azure.microsoft.com/en-us/documentation/articles/active-directory-application-proxy-troubleshoot/ to troubleshoot.

If you have any concerns, please feel free to let me know.

Peter Pan