Hello Team,
Can we implement SSO using azure AD login connector in traditional application ?
As of now we have implemented SSO using IDP component in traditional app but it consumes more than 40 application object. Due to that we are looking for an alternative way to achieve the same.
Please share your thoughts and suggetions on the same.
Thanks in advance.
The component is just a backend service and can therefore be used with any front-end technology, including traditional web apps. If you have SSO enabled in your factory, then this will work just fine for your initial user login. The component implements OAuth 2.0 but the default flow is just authentication using OpenId Connect, thus allowing you to achieve a login flow with Azure in the middle. Once the user is logged in, the OutSystems user session handles the SSO of it all.
Thank you for your response.
I would like to create demo in traditional web app using this component on personal environment. Will it work on personal environment or I need to implement and test it on licencened environment?
Regards,
Ajit Kurane
Actually, in opposition to Surendar's message below, it might not work in a personal environment. OutSystems hosts a number of shared platform instances and as such have had mixed results with different configurations. I have not had luck running it in my own personal environment because the callback URL from Azure far exceeds the URL length limit imposed on the environment. Unfortunately, this is not something you can change either. I have even tried writing to OutSystems support to get the URL length limit increased, but to no avail. I say you should give it a try and if it doesn't work, try to contact OutSystems support as well.
Thank you for your clarification. POC implementation is in progress on enterprise dev environment. I will share the implemention here for your review once it is done. Afterwards please suggest if anything needs to be change. And is it okay if I use callback page of the component to retrive response after the authentication ? Cause I am developing POC in traditional web app and callback page from reactive type of app.
Ajit Kurane.
Hey Ajit, glad I could help. Not to be rude, but I am not going to have the time necessary to do a code review of your POC, but you can find what I think are extremely detailed instructions on implementation here: Azure AD Login Connector - Documentation (O11) | OutSystems
Also, feel free to mark one of my answers as a solution if you found this helpful!
Hello Grayson,
I am getting below error, could you please suggest how can I resolve it ? Please find the attached poc oml for your reference and suggest any changes required on code level.Below values I have set up in connector management from azure portal app1)Application ID: (Client)2)Directory (tenant) ID3)Client secret value
Thanks.
This usually happens when there's a configuration problem, check and make sure you attached your UI espace to the configuration in the AzureADConnectorManagement app.
Thank you for your response. I have resolved that issue. But after entering username and password and authentication code, it is redirected on below page. It should go the POC app dashboard page. What changes are required ? Please review attached oml and suggest any changes required ?
THANKS.
Provide the RedirectToScreen parameter in your CreateAuthenticationURL action.
I have provided value there but still it is the same . Hope it is not happening cause that callback page is from reactive app and trying to redirect on traditional app after succesfull authentication. Please share your thoughts on the same.
I have found below error log in service center,
AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token. Trace ID: 939b3a91-3447-4b69-bb06-a962f3c02e00 Correlation ID: 49299f18-9e6c-4511-841e-f91e0e7935b2 Timestamp: 2025-07-08 06:10:36Z It is the same error which I was facing with microsoft login connector while implementation in traditional applications.
Is this bug in the component ?
Thank you.
This is not a bug in the component, authorization codes are single use. Are you pressing the back button? That error usually only occurs when someone presses the back button after they have successfully been redirected from the callback page because then the screen attempts to exchange the authorization code for a token again (which is impossible). There really appears to be no reason you should be ending up on the connector management app login screen. And no, there should be no reason you're having trouble navigating between a traditional and reactive web app. The redirects are all just 301s and the navigation between the apps is stateless.
No. I am not pressing the back button. How can I resolve this issue?
any work around have you found to resolve this issue ?
Let me take a step back. Is this enabled in your environment?
Find it in service center in your environment at /ServiceCenter/Environment_Mobile_App_Auth.aspx
If you are not allowed to make the change by your organization or some other requirement, you will need to make your own callback screen in a traditional web app - should basically be copy and paste.
Yes. I already enabled it.
Sure I will create callback page in traditional web app and register the same on Azure portal app.
Are you sure after this change will it work as expected?
Have you tried the same using traditional app at your side ?
Thank you so much for your support and time.
Hope you are doing well.
I created own callback screen in Traditional app itself and tested it but still I am getting the same error. Might be its bug in the component.
Do you have any solution to resolve this issue for traditional application ?
We have to implement MFA for traditional applications so please suggest solution to implement the same.
Is there any other option avialable in the OutSystems ? we have timeline for this implementation so your inputs will be much appreciated.
Hi @Ajit Kurane
It will work in personal environment also.