Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (3)

Resolved Azure AD, SAML 2.0 and Powerbuilder

  1. How-to
1
Votes
Undo
  1. Charlotte Holstein Jensen
    Charlotte Holstein Jensen
  2. PowerBuilder
  3. Tuesday, 23 October 2018 12:46 PM UTC

Hi,

I have a request from a customer on using Azure AD and authorizing access to our PB application using SAML 2.0.

Is there any features/plug-ins in PB2017 for this? 

 

Best Regards,

Charlotte Holstein Jensen

Seniordeveloper

Mark Information A/S

 

PB12 and PB2017 Applications installed in same mac...
Documentation of pbc170 parameters
Responses (3)
Olaf Brungot
Olaf Brungot Accepted Answer Pending Moderation
  1. Thursday, 16 May 2019 09:11 AM UTC
  2. PowerBuilder
  3. # 1

Please check my own thread on this -> https://community.appeon.com/index.php/qna/q-a/saml-oauth-support-in-pb-2017

Comment
There are no comments made yet.
Michael Kramer
Michael Kramer Accepted Answer Pending Moderation
  1. Saturday, 18 May 2019 13:32 PM UTC
  2. PowerBuilder
  3. # 2

Hi Charlotte,

May look like yes/no answer - but the technology is more complex:

  1. No! - No direct integration where you just check a checkbox.
  2. Yes! - Certainly possible to do role/group based access control in PB apps.
  3. Yes! - Certainly possible to integrate with O/S based authentication like AD/ADFS/SAML 2.0
  4. My experience: Technology sometimes is a bit tricky when you are first mover.
  5. Visual Guard may provide such integration but that is yet another product to integrate in your solution.

If still relevant don't hesitate to contact me directly.

I worked in Rødovre for 5 years integrating PB apps with Danmarks Miljøportal using ADFS/SAML 2.0. And I do speak Danish if that makes the conversation any easier.

HTH /Michael

Comment
There are no comments made yet.
Kevin Ridley
Kevin Ridley Accepted Answer Pending Moderation
  1. Monday, 20 May 2019 12:45 PM UTC
  2. PowerBuilder
  3. # 3

You should be able to use Azure / AD / OAuth2 with the Password Grant flow from PB 2017.  I've done this to access MS Dynamics API in the cloud, but you should be able to just check for a valid token returned from the token request to see if the user has access or not.  One of the parameters of a Password Grant request is the resource you are trying to access, so you *MAY* have to setup a "dummy" website/service in your cloud and grant access to all PowerBuilder app users as the resource that you are trying to access.  You are supposed to be able to use Microsoft Graph or Azure AD Graph as the resource but I'm not very familiar with those.

 

So the way it would work from PB, is you would setup a service app in Azure and get a client_id and client_secret, then get the user's id/pw either from AD or a login screen.  Next you would use the OAuthClient to make a token request to the oauth2 token endpoint: https://login.windows.net/{tenant}/oauth2/token .  If you are returned a valid access token in the tokenresponse, then the user has access to the application.

 

Here's a link to help explain the password grant:

https://blogs.msdn.microsoft.com/wushuai/2016/09/25/resource-owner-password-credentials-grant-in-azure-ad-oauth/

 

If you need outside help, look me up on LinkedIN: https://www.linkedin.com/in/kevin-ridley-88a40913/

Comment
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.