Electron SSO


#1

Hi

I have a need to be able to open a Windows application via an internet browser, which I have figured out how to do. But this particular example also needs to be authenticated using Single Sign On, which is proving to be a bit of trouble for me currently.

I basically want to be able to click on a person in a web browser and open the needed Windows application and pass their ID to the Windows application, so it’s pulled up on the Windows application. Nothing overly complex (I don’t think).

Is this something Electron could help with?


#2

Hi, I have the same issue and am hoping that someone answered your question offline. This is what I’m trying to do:

  1. User should not have to enter user name and password into Electron app after having successfully logged onto Windows.
  2. User should be able to access parts of the api based on the LDAP groups they have been added to.
  3. User cannot access backend unless added to appropriate groups…

Is this something Electron could do?


#3

No one has answered my question yet. Still hopeful of getting some guidance on this :slight_smile:


#4

Hi,

This helped me in accessing the internal network. It may help you; give it a try.

```js
const {app, BrowserWindow, session} = require('electron');

let mainWindow;

app.on('window-all-closed', function() {
  app.quit();
});

app.on('ready', function() {
  mainWindow = new BrowserWindow({width: 1024, height: 768});
  // Send the logged-on Windows credentials (NTLM/Negotiate) automatically.
  // '*' enables this for every URL; a list such as '*.example.com' limits it.
  session.defaultSession.allowNTLMCredentialsForDomains('*');
  mainWindow.loadURL('file://' + __dirname + '/browser.html');
  mainWindow.webContents.openDevTools();
});
```

#5

Thanks @myfrndjk

Could you explain in a little more detail what the code is doing so I can try to adapt. My first time trying to access something on the Windows network! :slight_smile:


#6

Hi,

That is a sample app; the important lines are `const {session} = require('electron')` and `session.defaultSession.allowNTLMCredentialsForDomains('*')`.
As per the documentation, it dynamically sets whether to always send credentials for HTTP NTLM or Negotiate authentication. Please check the link below for the documentation. I think this line is negotiating for authentication instead of us giving a user name and password. I am not 100% sure what exactly this line is doing, but when I added that line and tried to access my internal network [sentry authentication], I was able to access the link from the app without providing a user name and password.

Session api link.

Is this what you are trying to achieve?


#7

@myfrndjk So from here, how would I open the Windows application which requires SSO? I’m totally new to Electron and Windows system applications.


#8

I think we are tracking multiple issues in this.
What I suggested is for @dee3426d:

  1. User should not have to enter user name and password into Electron app after having successfully logged onto Windows.
  2. User should be able to access parts of the api based on the LDAP groups they have been added to.
  3. User cannot access back end unless added to appropriate groups…

If you want to access an https/SSO URL from your Electron app, the above code will do that.

I am not sure how to access another Windows application which requires SSO.
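
The `allowNTLMCredentialsForDomains('*')` call from posts #4 and #6 enables integrated authentication for every URL the app loads. The sketch below is an added example, not code from the thread, that builds a restricted server list and refuses wildcards outside approved internal zones. `INTERNAL_SUFFIXES`, the host names and the helper function names are constructed placeholders.

```javascript
// Added example (not from the thread). INTERNAL_SUFFIXES and the host names
// below are constructed placeholders; substitute your own intranet zones.
const INTERNAL_SUFFIXES = ['corp.example', 'intranet.example'];

// Validate one pattern such as '*.corp.example' or 'sentry.corp.example'.
// Returns the normalized pattern, or throws if it could match hosts outside
// the approved internal suffixes.
function checkPattern(pattern, suffixes = INTERNAL_SUFFIXES) {
  const p = String(pattern).trim().toLowerCase();
  // Accept only an optional leading '*.' followed by a plain DNS name,
  // so a bare '*' or a mid-string wildcard is rejected outright.
  const m = /^(\*\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*)$/.exec(p);
  if (!m) throw new Error(`rejected pattern: ${JSON.stringify(pattern)}`);
  const host = m[2];
  // Compare on a label boundary: 'evilcorp.example' is not under 'corp.example'.
  const ok = suffixes.some((s) => host === s || host.endsWith('.' + s));
  if (!ok) throw new Error(`not an internal host: ${JSON.stringify(pattern)}`);
  return p;
}

// Build the comma-separated server list that the session API takes.
function buildAllowlist(patterns, suffixes = INTERNAL_SUFFIXES) {
  if (!Array.isArray(patterns) || patterns.length === 0) {
    throw new Error('at least one pattern is required');
  }
  const checked = patterns.map((p) => checkPattern(p, suffixes));
  return [...new Set(checked)].join(', '); // drop duplicates, keep order
}

// Apply the list to an Electron session. `ses` is passed in so this code
// has no hard dependency on Electron and can be unit-tested with a stub.
function enableIntegratedAuth(ses, patterns) {
  const list = buildAllowlist(patterns);
  ses.allowNTLMCredentialsForDomains(list);
  return list;
}

// In the main process, inside app.on('ready', ...):
//   const { session } = require('electron');
//   enableIntegratedAuth(session.defaultSession,
//     ['sentry.corp.example', '*.intranet.example']);
```

With this in place the Windows logon credentials are offered only to the listed servers; any other site the window loads gets a normal authentication prompt instead.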