Chromium Embedded Framework Forum

by **tumata** » Thu Sep 22, 2016 2:13 pm

Hello everyone.

I spent the past week trying to get my head around this issue, unsuccessfully. Thanks in advance for you help.

I am authenticating users of my app in our intranet, against an ADFS server using OAuth2. To do this, I create a browser and give it the authorize URL. The Windows ADFS server will then authorize using IWA (Integrated Windows Authentication).

If I put the URL in a Chrome browser, a prompt will popup and ask for the domain credentials. Furthermore, if the server's address is white-listed in the internet parameters of the computer, then it auto-logins using windows credentials.

Now on my application, the browser will not show a prompt to enter credentials and will remain empty. Interestingly, if I white-list the server's address, then it does auto-login. (this may be a good clue to help finding the cause ?)

Does CEF takes care of displaying the authentication dialog for domain credentials like it does in Chrome? Is it supported?
Could it be a problem that comes from the Kerberos SPN generation ?
Anything else?

I'm lost here...
Thanks.

by **Czarek** » Fri Sep 23, 2016 12:12 am

What OS and CEF version? Have you implemented CefRequestHandler::GetAuthCredentials?

by **tumata** » Tue Sep 27, 2016 6:12 pm

We use Windows 7 (it appears auto-logins doesn't work AT ALL with Windows 10)
As for CEF we use version 3.26...

CefRequestHandler::GetAuthCredentials has been implemented yes, and when I call the callback providing my hard-coded credentials as a test, then it logs-in.
But there is no way I could (and should) get these credentials inside my app obviously.

CEF doesn't handle showing the windows prompt ?

by **fddima** » Tue Sep 27, 2016 7:20 pm

tumata wrote:CEF doesn't handle showing the windows prompt ?

It doesn't, and should not - it allow you to show own dialog.

by **tumata** » Wed Sep 28, 2016 10:08 am

Oh, there was a misunderstanding on my side then... thank you. I thought this would be a security issue as it will allow us to access their corporate's password...

Would anyone have a template for this dialog ? Or can I find it somewhere ? To make it look the same as the one in the browser.

Thanks, all start to make sense now.

by **Czarek** » Wed Sep 28, 2016 12:29 pm

I've been implementing httpauth dialog in CEF Python 1 on Windows, you can take a look at the code here:
1. C++ code: https://github.com/cztomczak/cefpython/ ... entication
2. Python call from inside GetAuthCredentials callback:
a) https://github.com/cztomczak/cefpython/ ... 1.pyx#L231
b) https://github.com/cztomczak/cefpython/ ... on_win.pyx

Updated

Chromium Embedded Framework Forum

Issues with IWA, authenticating (OAuth2) to ADFS an server

Issues with IWA, authenticating (OAuth2) to ADFS an server

Re: Issues with IWA, authenticating (OAuth2) to ADFS an serv

Re: Issues with IWA, authenticating (OAuth2) to ADFS an serv

Re: Issues with IWA, authenticating (OAuth2) to ADFS an serv

Re: Issues with IWA, authenticating (OAuth2) to ADFS an serv

Re: Issues with IWA, authenticating (OAuth2) to ADFS an serv

Who is online