在Xamarin中使用Azure AD的跨应用程序SSO

Question

I am trying to enable cross app SSO into our Xamarin apps so that if a user has installed and signed in to one of the apps, he is automatically logged in to other apps of my organization. The following document claims to achieve the requirement

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-sso-android . We are following the non broker assisted login flow.

I have carefully fulfilled the three conditions stated below-

1. The apps are using the same android:sharedUserId in the manifest file.
2. The native client used for them is the same. Only the redirect url is different for the apps.
3. All of them are signed using the same keystore.

But still the functionality is not yet achieved. When i installed and logged in to one app, the second app is still prompting for credentials when i try to acquire the access token using the below line

authResult = await authContext.AcquireTokenAsync(resource, clientId, new Uri(returnUri), new PlatformParameters((Activity)Forms.Context));

Kindly help me know if there is something that i can do to achieve that.

Answer 1

Due to restrictions in Xamarin.Forms, SSO without a broker (Microsoft Authenticator or Company portal) does not work with current version of ADAL. We have a work item to update the documentation.

Answer 2

This is a Xamarin.Forms issue. In order for SSO to work across apps without broker, you need to enable the "Ignore Security" flag, which is not recommended. This requires the app name to be hardcoded and "ignore security".

For example: Application.Context.CreatePackageContext(“com.companyname.ReproApp1”, PackageContextFlags.IgnoreSecurity).GetSharedPreferences(..)…

For the time being, it's recommended to use broker for SSO . You can use Authenticator for both iOS and Android.