winjs windows store app and AAD SSO experience (i.e. save cookies from microsoftonline/AAD login pages)


The JavaScript (WinJS) sample of a Windows Store app talking to a Node.js Azure Mobile Services site can be made to do SSO, along with all the other microsoftonline features that depend on being able to set cookies that are presented again on the second or nth run of the store app's login process. Note that this particular "SSO mode" has nothing to do with the ADAL libraries, nor with persisting the mobile service token in a client-side store or keychain: it is about the cookie jar the Web Authentication Broker (WAB) keeps for the app between logins.

The key thing to do is to pretend that you are registering a Microsoft Live (Microsoft account) application, even though you are really signing users in against your own AAD tenant.

So, first create a Store app reservation and associate the sample app's source code with that reservation. Then go to Windows Live (account.live.com) and find the following three pieces of "app setting" information for that app. (The Package SID is the piece that matters: it is the app's ms-app:// callback URI, which the Web Authentication Broker uses as the end URI in single sign-on mode, and the mobile service has to know it in order to redirect the browser back to the app.)


https://account.live.com/developers/applications/summary/000000004012130A

In your mobile site, enter these values in the Microsoft account section of the Identity settings, even though you are not trying to associate the site with Microsoft accounts. This is the "magic" that lets the client, the site and the libraries set up SSO, rather than inviting users to present Microsoft account identities. Treat the client secret as a server-side credential: it belongs only in the mobile service's identity settings, never in the store app package or its source, and a secret that has been published (as the one below has) should be regenerated.


App Settings

Package SID: ms-app://s-1-15-2-2046316581-155186758-2005573411-1086478214-2361134102-2500721798-9514390

Client ID: 000000004012130A

Client secret: cVyeQ99HHSLiHZlbqAxK2n4Qor9xfNrm

Add authentication to the store app's WinJS source code, per the instructions at http://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-store-javascript-get-started-users/#add-authentication


Then modify that code: replace "facebook" with "aad", and pass true as the second parameter of the login call. That sets up the mobile client's JavaScript library to interact with the interceptors in the site so that the Windows/Phone Web Authentication Broker sees the values above. Between requesting SSO in code and configuring it in the Identity tab, you get the result: a cookie jar that the WAB provides to the next run of the login process against the AAD tenant, so the user is not prompted again while the AAD session cookies are valid.



About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in AAD, Azure AD.