
I'm encountering an issue with the implementation of Single Sign-On (SSO) in our WPF application, and I'd appreciate some guidance or insights from the community.

Here's a breakdown of our setup:

  • We have a main WPF application that utilizes ADFS with MSAL for login purposes.
  • Within this application, we've developed a custom WebView2 control, leveraging the PublicClientApplication to integrate with our custom control.
  • Additionally, we provide support for hosting web applications within our WPF application. Recently, we incorporated an Angular (SPA) web application into our WPF environment, which also uses ADFS with MSAL for login.
  • Our objective is to enable Single Sign-On (SSO) functionality in the hosted web application, utilizing the cache generated during the login process of our WPF application.

We've managed to achieve this integration successfully. However, we encountered a roadblock when attempting to implement automatic login in the WPF application under specific conditions. More specifically:

  • We aim to automate the login process in the WPF application if a certain flag, let's call it "SingleSignOnUser," is set to True by the user. This is accomplished using the AcquireTokenSilent API provided by PublicClientApplication.
  • The issue arises when calling AcquireTokenSilent: it doesn't display any prompts at the start of the WPF application and logs in automatically, and we're unable to achieve Single Sign-On (SSO) functionality in the hosted web application.

It's important to note that we retain the user data folder in its path, and we're not deleting it along with the cache.

Has anyone else encountered a similar issue, or perhaps have insights into what might be causing this behavior?

Single Sign-On should be working with the above scenario.

  • I'm not familiar with AcquireTokenSilent but I think this knowledge is way easier to comprehend if you are familiar with standard OIDC. So with that in mind, are you aware if it's storing access_token and refresh_token under the hood?
    – mr5
    Commented May 3 at 7:41
  • @mr5, yes, AcquireTokenSilent does rely on storing access tokens and refresh tokens in the background to enable silent token acquisition and refresh operations, as per OIDC principles.
    Commented May 3 at 7:54
  • access_token and refresh_token have a validity period and it wouldn't require another authentication process if those are still valid. What I think you'd like to do instead is to set the expires_in to 0 from the IdP or don't store access_token at all. You may also want to exclude refresh_token from the auth response as I'm not really clear on the requirements.
    – mr5
    Commented May 3 at 8:03
  • @mr5, but if I do that, it will prompt the user for credentials. Here, I want to achieve the behavior where the user doesn't need to enter any credentials and can also do single sign-on in the hosted web application (sub application).
    Commented May 3 at 8:18
  • Does this answer your question? Issue with Single Sign-On (SSO) Implementation in WPF Application
    – Zephyr
    Commented May 4 at 10:17
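
As an added example, not code from the question or from the poster's application: the silent-then-interactive pattern that the question and the comments above describe, written against MSAL.NET's PublicClientApplication with an ADFS authority. The client ID, authority URL, redirect URI, scopes and cache path are placeholder assumptions. The on-disk token cache is protected with DPAPI, because a plaintext MSAL cache is equivalent to the user's refresh token sitting on disk (on .NET Core/.NET 5+ this needs the System.Security.Cryptography.ProtectedData package).

```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example, not the poster's code. All identifiers below are assumptions.
public static class AdfsAuth
{
    // Hypothetical registration values; replace with your ADFS application group settings.
    private const string ClientId = "00000000-0000-0000-0000-000000000000";
    private const string AdfsAuthority = "https://adfs.example.com/adfs";
    private const string RedirectUri = "http://localhost";
    private static readonly string[] Scopes = { "openid", "profile", "offline_access" };

    // Assumed cache location under the user's local app data.
    private static readonly string CachePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "MyWpfApp", "msal_cache.bin");

    private static readonly object CacheLock = new object();

    public static IPublicClientApplication Build()
    {
        var app = PublicClientApplicationBuilder.Create(ClientId)
            .WithAdfsAuthority(AdfsAuthority)
            .WithRedirectUri(RedirectUri)
            .Build();

        // Persist the MSAL token cache so AcquireTokenSilent can succeed across
        // process restarts. Encrypt it with DPAPI in CurrentUser scope: the cache
        // holds refresh tokens, so it must not be readable by other local users.
        app.UserTokenCache.SetBeforeAccess(args =>
        {
            lock (CacheLock)
            {
                if (!File.Exists(CachePath)) return;
                byte[] protectedBytes = File.ReadAllBytes(CachePath);
                byte[] plain = ProtectedData.Unprotect(
                    protectedBytes, null, DataProtectionScope.CurrentUser);
                args.TokenCache.DeserializeMsalV3(plain);
            }
        });

        app.UserTokenCache.SetAfterAccess(args =>
        {
            // Only write when MSAL actually changed something (new or refreshed tokens).
            if (!args.HasStateChanged) return;
            lock (CacheLock)
            {
                Directory.CreateDirectory(Path.GetDirectoryName(CachePath));
                byte[] plain = args.TokenCache.SerializeMsalV3();
                File.WriteAllBytes(CachePath,
                    ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser));
            }
        });

        return app;
    }

    // Silent first: returns without any UI while a cached access token is still valid
    // or a cached refresh token can be redeemed at the ADFS token endpoint.
    // Falls back to an interactive prompt only when MSAL reports that the user must act
    // (no cached account, refresh token expired/revoked, consent or MFA required).
    public static async Task<AuthenticationResult> SignInAsync(
        IPublicClientApplication app, bool singleSignOnUser)
    {
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault();

        if (singleSignOnUser && account != null)
        {
            try
            {
                return await app.AcquireTokenSilent(Scopes, account).ExecuteAsync();
            }
            catch (MsalUiRequiredException)
            {
                // Nothing usable in the cache for this account; fall through to interactive.
            }
        }

        // Interactive path: MSAL drives the browser-based authorization flow, and ADFS
        // sets its session cookie in the browser profile MSAL used for that flow.
        return await app.AcquireTokenInteractive(Scopes).ExecuteAsync();
    }
}
```

One design point worth keeping in mind when reading the question: AcquireTokenSilent redeems the refresh token with a direct HTTP request to the token endpoint and never opens a browser, so it populates the MSAL token cache but does not set any cookies in a WebView2 user data folder. Whether that accounts for the behaviour the poster reports is for them to verify against their setup.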
