
I want to implement single sign-on functionality on iOS using ADFS. I did some R&D and tried the MSAL iOS library for ADFS authentication, but it's not working for me.

I have added the client ID and authority URL for ADFS authentication, but it's not working for me. Every time it gives me a "Couldn't acquire token" error.

I have a different SSO URL, so I am not using the Microsoft Azure server.

I have tried to add my credentials in the following way for the MSAL iOS library:

```swift
let kClientID = "xxxxxx-8929-4D60-B869-xxxxxxxx"

// These settings you don't need to edit unless you wish to attempt deeper scenarios with the app.
let kGraphURI = "https://graph.microsoft.com/v1.0/me/"
let kScopes: [String] = ["https://graph.microsoft.com/user.read"]
let kAuthority = "https://fs.example.com/adfs/oauth2"
```

Any idea?

rmaddy
arun kamboj
  • Can you please share the code/links that you followed to achieve this? The following reference link is not working. I also need to implement SSO functionality on iOS using ADFS – Nikita Patil Dec 13 '22 at 11:42

1 Answer


Here we do not need to use MSAL iOS. There is a simple solution using the Microsoft docs. Follow this link:

https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-scenarios-for-developers

We just need to form a URL string:

```
https://fs.xxx.com/adfs/oauth2/authorize?response_type=code&client_id=xxxx-xxxx-xxxx-xxxx-xxxxxxx&redirect_uri=appName://&resource=http://xxxx/workflow
```

This will generate a code which we can fetch in the openUrl method in the App Delegate, and then we need to create a POST request with the parameters:

```
grant_type: authorization_code
code: xxxxx (the code we got from the GET request)
redirect_uri: appName://
resource: http://xxxx/workflow
```

That's it. We will get the access_token, which we can use further to get the userProfile etc.

Hope this helps!

Oliver Hanappi
Preetika
  • @Preetika The Microsoft doc link suggests using the ADAL library for this. If we create a similar URL, what about the login page UI? – subin272 Apr 23 '19 at 17:51
  • Here we are working on login with ADFS. We are assuming login with ADFS only with a single sign on. Other login for the app will be like normal login. – Preetika Apr 24 '19 at 04:16
  • @Preetika I also want the same scenario where we need to log in by authenticating with ADFS. My question was whether the "url string" formed above with "client id", "Redirect URI" and "resource" will take the user to a new webpage within the mobile application? – subin272 Apr 24 '19 at 06:07
  • @OliverHanappi So we need to call only those 2 URLs and not use the ADAL library? Is there any sample application for reference? – subin272 Apr 24 '19 at 06:59
  • @subin272: Yes, we will be redirected to the redirectURI mentioned here where we need to fill in our information, after which it will be redirected back to the application. – Preetika Apr 26 '19 at 04:55
  • Hi, the link provided by you is not working. Can you please update it again? - https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-scenarios-for-developers - not working – Nikita Patil Dec 13 '22 at 11:40
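
The three steps from the answer above (authorize URL, redirect handling, token POST) as an added Swift example; this is not code from the answer or from Microsoft. Assumptions: the `ADFSConfig` values are constructed placeholders, the `state` parameter and its check are an addition to the answer's URL, and the token request goes to `/adfs/oauth2/token` with `client_id` included alongside the answer's four parameters.

```swift
import Foundation
// Constructed placeholders (assumptions), not real endpoints or ids.
struct ADFSConfig {
    var host = "fs.example.com"
    var clientID = "00000000-0000-0000-0000-000000000000"
    var redirectURI = "appName://"
    var resource = "http://example.invalid/workflow"
}
enum CallbackError: Error { case stateMismatch, server(String), missingCode }
// Step 1: authorize URL. `state` is an added anti-CSRF value (assumption).
func authorizeURL(_ c: ADFSConfig, state: String) -> URL? {
    var u = URLComponents()
    u.scheme = "https"; u.host = c.host; u.path = "/adfs/oauth2/authorize"
    u.queryItems = [
        URLQueryItem(name: "response_type", value: "code"),
        URLQueryItem(name: "client_id", value: c.clientID),
        URLQueryItem(name: "redirect_uri", value: c.redirectURI),
        URLQueryItem(name: "resource", value: c.resource),
        URLQueryItem(name: "state", value: state),
    ]
    return u.url
}

// Step 2: call from the app delegate's open-URL handler with the redirect URL.
func authorizationCode(from callback: URL, expectedState: String) throws -> String {
    let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems ?? []
    func value(_ name: String) -> String? { items.first { $0.name == name }?.value }
    guard value("state") == expectedState else { throw CallbackError.stateMismatch }
    if let err = value("error") { throw CallbackError.server(err) }
    guard let code = value("code"), !code.isEmpty else { throw CallbackError.missingCode }
    return code
}

// Step 3: form-encoded POST; only RFC 3986 unreserved characters stay literal.
func tokenRequest(_ c: ADFSConfig, code: String) -> URLRequest {
    let unreserved = CharacterSet(charactersIn:
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
    let fields = [("grant_type", "authorization_code"), ("code", code),
                  ("client_id", c.clientID), ("redirect_uri", c.redirectURI),
                  ("resource", c.resource)]
    let body = fields.map {
        "\($0.0)=\($0.1.addingPercentEncoding(withAllowedCharacters: unreserved) ?? "")"
    }.joined(separator: "&")
    var req = URLRequest(url: URL(string: "https://\(c.host)/adfs/oauth2/token")!)
    req.httpMethod = "POST"
    req.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    req.httpBody = Data(body.utf8)
    return req
}
```

Generate a fresh random `state` per sign-in attempt and keep it only until the redirect returns; a custom URL scheme can be invoked by any app on the device, so a callback with a missing or different `state` is rejected before the code is used.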