Question

We have SharePoint 2013 hooked up to the user store of a third-party web application. The users from that web application are now also known in SharePoint and able to log in using the same credentials.

Now to support a single sign-on type of scenario, I'd like to be able to pre-authenticate users who are already logged in to the third-party app. So a user logs in to the third-party app and then also gets a cookie with a valid security token for SharePoint.

What would be the best way to implement this scenario? I know about the security token service and the possibility to get a security token (authentication.asmx) which you can then use for web service calls. Is it possible to call that same web service from JavaScript, for instance, and then place the cookie on the client PC? Or can I somehow redirect the user to a certain URL allowing some sort of pre-authentication to take place?

Solution

I don't think you can use authentication.asmx in that fashion by itself. I think you would need to create a custom authentication provider that could look for and consume the cookie.

Another approach is similar to what @Nikhil is suggesting, but instead of using ADFS you use a reverse proxy. TMG used to be a go-to here, but MS has discontinued that. Other options are F5, Citrix, and A10. Some open source options such as Squid can also provide this function (I have not tested Squid in this manner). Basically, this third device is what the user authenticates to, and it in turn authenticates to the applications on the user's behalf. It can store multiple logins in its own cookies and make those connections.

OTHER TIPS

If you are looking for an SSO-like scenario, I think you can implement SAML. Pass the SAML token to SharePoint (Relying party) when users log in to the third-party application (Identity Provider) or click on some link in the third-party application to enter your SharePoint site.

Licensed under: CC-BY-SA with attribution
Not affiliated with sharepoint.stackexchange