MSAL with Azure AD B2C and Single Sign On

5
votes

I'm working on a system with a few Angular 4 SPAs each talking to a separate Asp.NET Core 2.0 WebAPI.

Azure AD B2C is being used as the identity service for each SPA/API, and MSAL.js as part of our Angular SPAs.

We want to support Single Sign-on to prevent the user needing to re-enter credentials when switching from one SPA to another.

Is it possible to get single sign-on behavior using msal.js v0.1.7?

1
single-sign-onazure-ad-b2cmsalmsal.js
What do you expect the user experience to be when users move from the first SPA to the second one? Are they already signed in to the second one?Chris Padgett
To be silently authenticated using the JWT from their initial login (e.g. not to have to re-enter their username and password).TonE

1 Answers

-1
votes

SSO with MSAL.js is possible. For browser-based apps you achieve SSO through cookies/sessions rather than tokens/token management. Please refer to the Github library. MSAL.js allows you to use acquireTokenSilent() to use a valid cookie via hidden iframe.

That said, the recommended way to do this is by using Azure KMSI with custom policies. This is because browser-based applications don't always keep users logged in and things like password changes can invalidate a user session.