Question

Log into Azure with a popup window

asked on January 15

Hello everyone. I have a situation that I'm working on, and I'm wondering if anyone else has tried to do it. 
I have my internal website that runs web apps. I have a nice AP app that is built with the idea that on one side of the window are data entry fields, and the other side is an iframe with a link to the LF document. 

Everything works, and my users really like it. The issue comes up when LF tries to authenticate with Azure in the iFrame. My users are getting errors. If they open the document in a new tab, the authentication flow works, and then my app works. It's only that first time they try to log in for the day. 
After some research, I'm thinking of having a pop-up window do the authentication part. 
Has anyone accomplished this before? Any idea on the best documentation to follow? I'm going to try to use some AI to help, but we all know that it's finicky. 
Thanks. 

1 0

Replies

replied on January 19

It sounds like a cross-origin issue where the Azure login portal doesn't support the URL of your custom app. Popup auth would work regardless of the origin issue.

You should see some useful error(s) in the dev console.

0 0
replied on January 19

It's a 100 percent cross-origin error. The problem comes from Microsoft's site. That site doesn't allow for the redirects. 
I'm wondering how Laserfiche could help with this? I know I wouldn't have an issue if I were using LF accounts, but since I'm using LFDS and SAML accounts, I'm looking for the easiest way to get people signed into LF with the limitation of Azure not allowing redirects. It would be cool if the LFDS config had an option for pop-up window auth. 
I'll try to build something myself, but it might be a cool feature to have in LFDS. 

0 0
replied on January 20

I think the easiest way would be to open the popup yourself any time the page is navigated to. You can detect which page got navigated to to determine if the user is logged in or not.

I also did a little quick googling and it looks like Azure AD does support embedded logins in iframes, just not by default. Something about custom policies vs user flows (default).

0 0
replied on January 20

What did you find about Azure supporting embedded logins and where? Everything I saw was that they don't allow cross-origin requests from their login site. If I could get Azure to let me designate my site as permitted, we would be all good. 

0 0
replied on January 21

It seems like that's only available for B2C and not Entra ID, which I'm assuming you're using.

There should be a way to redirect your app to LFDS and have it redirect back to force authentication to Laserfiche before accessing your app. Idk how to do it, but custom redirect allowlist exists in the STS configuration.

0 0
replied on January 19

We had something similar in Laserfiche Cloud for the web client. If the user's session timed out, we wanted to navigate them to the main Cloud login page. But, we were concerned about there being unsaved data in the page, and the general pain of refreshing a page not always restoring the identical experience. The main steps to solving this problem are:

  1. Detect the logout condition
  2. Open a new window to a page that will trigger the login flow
  3. Determine when the login is complete
  4. Reconnect with the new session

I think 2-4 are manageable for your scenario. I'm not sure how you can properly detect when you need to perform them.

0 0
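
Steps 2 to 4 from the reply above, as an added example that is not code from any poster or from Laserfiche. It assumes the sign-in ends on a page you control at `trustedOrigin` that calls `window.opener.postMessage({ type: "lf-login-complete" }, parentOrigin)`; that message type, the window name and the function names are hypothetical.

```javascript
// Added example. The message type and all function names are hypothetical.
const LOGIN_DONE = "lf-login-complete";

// Step 3: trust the "login complete" signal only when it comes from the popup
// we opened AND from the origin we expect. Anything else is ignored.
function isLoginComplete(event, popup, trustedOrigin) {
  return event.origin === trustedOrigin &&
    event.source === popup &&
    event.data !== null && typeof event.data === "object" &&
    event.data.type === LOGIN_DONE;
}

// Steps 2-4. `win` is the browser `window`, passed in so the logic can be
// exercised outside a browser. Call this from a click handler, otherwise
// popup blockers will usually refuse win.open().
// onDone receives "signed-in", "closed" (user gave up) or "blocked".
function signInWithPopup(win, loginUrl, trustedOrigin, onDone) {
  const popup = win.open(loginUrl, "lf-login", "popup,width=520,height=680");
  if (!popup) { onDone("blocked"); return; }

  let timer = null;
  const finish = (result) => {
    win.removeEventListener("message", onMessage);
    win.clearInterval(timer);
    if (!popup.closed) popup.close();
    onDone(result); // step 4 happens in the caller, e.g. frame.src = frame.src
  };
  function onMessage(event) {
    if (isLoginComplete(event, popup, trustedOrigin)) finish("signed-in");
  }
  win.addEventListener("message", onMessage);
  // Fallback: the user closed the popup without finishing the sign-in.
  timer = win.setInterval(() => { if (popup.closed) finish("closed"); }, 500);
}
```
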
replied on January 19

@████████
Right, somehow the LF site knows. You only get the sts site if your token has expired. It would be awesome if I could trigger a "pop-up" sign-in page instead of a redirect to the LFDS. Then the browsers would have the session ready to load my document in the app. 

0 0