Retrieve token when authenticated against Azure AD
Question

Hi,


I hope somebody can help me with an issue I have at this moment. We already configured that the authentication should be based on Azure AD (OS 11): https://success.outsystems.com/Documentation/11/Developing_an_Application/Secure_the_Application/End_User_Management/End_Users_Authentication/Configure_Azure_AD_Authentication?utm_source=ost-outsystems+tools&utm_medium=ost-users&utm_campaign=ost-docrouter&utm_content=ost-helpid-30209&utm_term=ost-contextualhelp

 

The authentication part is working fine, but now we want to use our Azure AD authentication to make a REST call to an SAP system. The question is how to retrieve the access token that can be used to execute the REST call.


I’ve read some blogs about the MicrosoftLoginConnector, but this seems overkill to me (as I am already authenticated). I tried to use this connector to get the token anyway, but then I get the message that the user has no token.

 

And now I’m confused… Because I’m authenticated, I expect that somewhere in my session there is a token which I can use. I hope that somebody can explain to me what I’m doing wrong.

 

Regards,

Peter


Champion
Rank: #86
Solution

The native authentication mechanism of OutSystems is via the SAML protocol. SAML doesn't allow retrieving tokens for access to external systems. You need to authenticate with the OAuth2 protocol instead, and that is something the Microsoft Login Connector allows. So in your use case you will need to migrate from the OS native mechanism to something else.

You can read a bit more of the differences between the different protocols here: https://www.okta.com/identity-101/whats-the-difference-between-oauth-openid-connect-and-saml/
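
To illustrate the distinction drawn in the answer above, this added example (not from the thread or from OutSystems) classifies a login artifact as a SAML assertion or an OAuth2 access token and checks whether its audience is the API being called. It assumes the access token is a JWT; the hosts, audiences and sample credentials are constructed, and signatures are not verified.

```python
import base64
import json
import xml.etree.ElementTree as ET

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def describe_credential(blob: str):
    """Classify a login artifact and list its audiences. No signature checks."""
    parts = blob.split(".")
    if len(parts) == 3:  # JWT shape: header.payload.signature
        try:
            padded = parts[1] + "=" * (-len(parts[1]) % 4)
            claims = json.loads(base64.urlsafe_b64decode(padded))
        except ValueError:
            claims = None
        if isinstance(claims, dict):
            aud = claims.get("aud", [])
            return "jwt", aud if isinstance(aud, list) else [aud]
    try:
        # The stdlib parser is acceptable for this constructed sample; use a
        # hardened XML parser for assertions received from the network.
        root = ET.fromstring(base64.b64decode(blob))
    except (ValueError, ET.ParseError):
        return "unknown", []
    if next(root.iter(f"{{{SAML_ASSERTION_NS}}}Assertion"), None) is None:
        return "unknown", []
    audiences = root.iter(f"{{{SAML_ASSERTION_NS}}}Audience")
    return "saml_assertion", [a.text.strip() for a in audiences if a.text]

def usable_as_bearer(blob: str, api_audience: str) -> bool:
    """True only for a JWT access token whose audience is the target API."""
    kind, audiences = describe_credential(blob)
    return kind == "jwt" and api_audience in audiences

# Constructed samples (hypothetical hosts, fake signature, illustration only).
SP_AUDIENCE = "https://outsystems.example/sp"    # what a SAML login is scoped to
API_AUDIENCE = "api://sap-gateway.example"       # what the REST call needs
SAMPLE_SAML = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Conditions><saml:AudienceRestriction>'
    f'<saml:Audience>{SP_AUDIENCE}</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions>'
    '</saml:Assertion></samlp:Response>').encode()).decode()
SAMPLE_JWT = ".".join([_b64url(b'{"alg":"RS256","typ":"JWT"}'),
                       _b64url(json.dumps({"aud": API_AUDIENCE}).encode()),
                       "sig"])
```
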

Rank: #320

Hi, 


As far as I know, it is not possible to retrieve this token with the built-in Azure AD authentication. So your solution would be correct, to use the Microsoft Login Connector, which will supply a token after logging in.

Rank: #82568

Peter Boertien,

I am now facing the same challenge: Using Azure AD authentication; now need to forward the authenticated user to a REST API of an external system.

Vincent Koning mentioned that the solution would require using the OAuth2 protocol instead, and so switching to the Microsoft Login Connector instead of the native authentication mechanism of OutSystems for Azure AD, because then it is possible to retrieve the token and then forward it.

Were you able to implement a working solution?

If so, can you provide a summary of the steps?

Thanks.

--Tiago Bernardo