
Support IdP authentication via external web browser to allow the use of saved credentials

Open jonasneves-signifyd opened this issue 2 years ago • 7 comments

Is your feature request related to a problem? Please describe.

It's not possible to use saved credentials with the little pop-up window that shows up for authentication in the app. I have to type my username and password every time.

Describe the solution you'd like

Allow us to choose an external browser for IdP authentication.

jonasneves-signifyd Apr 28 '22 14:04

Thanks for the enhancement! Sadly, I still don't know if it is possible to extract the SAML 2.0 response from an external provider.

Any suggestion on how to do it?

andreacavagna01 Apr 28 '22 15:04

No idea if this would work or is blocked, but can the Leapp app listen for a redirect back to Leapp:// or something that contains the response the IdP provider redirects back to?

Plasma May 06 '22 12:05

This is a great suggestion, but I still haven't studied this opportunity. Is there anyone capable of creating a callback from the browser in a safe way? That's the problem with SAML 2.0.

andreacavagna01 May 18 '22 08:05

I’ve not looked into SAML redirect logic, but I was hoping it was possible to ask the redirect (if that’s supported?) to end up at say Leapp:// protocol which Leapp can respond to to receive the auth information.

Alternatively, could Leapp write a temp HTML file to disk that is opened by the app as a way to start the process? I’m not sure.

Plasma May 21 '22 02:05

@urz9999 has started looking into the best practices for a custom leapp:// protocol, but I think more R&D is needed to give you a better answer.

andreacavagna01 Jun 08 '22 10:06

@andreacavagna01 I didn't deal with Electron in the past, but it's possible to implement this with other languages using a similar idea to what @Plasma is suggesting (I used the same approach in GoLang). You would create a localhost service that would be the callback URL, and you will be able to process the response from the SSO.

I am not sure if you have seen this discussion before but sharing it for visibility: https://stackoverflow.com/questions/56642542/how-implement-auth0-authentication-using-external-browserchrome-firefox-etc-i

abebars Dec 11 '22 01:12
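
The localhost callback service described in the comment above, sketched for Node.js as an added example that is not part of this thread or of Leapp's code. It assumes the IdP can be configured with an ACS URL of the form `http://127.0.0.1:<port>/saml/callback` and echoes `RelayState` back; the path and all function names are hypothetical.

```javascript
const http = require("node:http");
const crypto = require("node:crypto");

const CALLBACK_PATH = "/saml/callback"; // hypothetical; must match the ACS URL registered at the IdP

// Constant-time comparison of the echoed RelayState with the nonce we issued.
function sameState(got, expected) {
  const a = Buffer.from(String(got)), b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Pure check of one request: returns the HTTP status and, on success, the SAML response.
function validateCallback({ method, path, remoteAddress, body }, expectedState) {
  if (!["127.0.0.1", "::ffff:127.0.0.1"].includes(remoteAddress)) return { status: 403 };
  if (method !== "POST" || path !== CALLBACK_PATH) return { status: 404 };
  const form = new URLSearchParams(body);
  if (!sameState(form.get("RelayState") ?? "", expectedState)) return { status: 400 };
  const samlResponse = form.get("SAMLResponse");
  return samlResponse ? { status: 200, samlResponse } : { status: 400 };
}

// Bind to 127.0.0.1 only, on an OS-chosen port; close after the first valid response or a timeout.
function startLoopbackListener(onAssertion, timeoutMs = 120000) {
  const state = crypto.randomBytes(32).toString("base64url"); // sent to the IdP as RelayState
  const server = http.createServer((req, res) => {
    let body = "";
    req.on("data", (chunk) => {
      body += chunk;
      if (body.length > 1 << 20) req.destroy(); // cap the body at 1 MiB
    });
    req.on("end", () => {
      const result = validateCallback(
        { method: req.method, path: req.url, remoteAddress: req.socket.remoteAddress, body }, state);
      res.writeHead(result.status, { "Content-Type": "text/plain" });
      res.end(result.status === 200 ? "You can close this tab." : "Rejected.");
      if (result.status === 200) { server.close(); onAssertion(result.samlResponse); }
    });
  });
  const timer = setTimeout(() => server.close(), timeoutMs);
  server.on("close", () => clearTimeout(timer));
  return new Promise((resolve) =>
    server.listen(0, "127.0.0.1", () => resolve({ port: server.address().port, state })));
}
```

The listener only transports the response from the browser to the app; the assertion's signature still has to be verified by whatever consumes it.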

I was just looking for this myself. I love using Leapp, but our security team made some policy changes and we are only able to authenticate inside of Edge or Chrome directly; in-app browsers are not recognized as authorized by our company's conditional access policies.

mholttech Feb 06 '24 19:02