问题
I'm working on a system with a few Angular 4 SPAs each talking to a separate Asp.NET Core 2.0 WebAPI.
Azure AD B2C is being used as the identity service for each SPA/API, and MSAL.js as part of our Angular SPAs.
We want to support Single Sign-on to prevent the user needing to re-enter credentials when switching from one SPA to another.
Is it possible to get single sign-on behavior using msal.js v0.1.7?
回答1:
SSO with MSAL.js is possible. For browser-based apps you achieve SSO through cookies/sessions rather than tokens/token management. Please refer to the Github library. MSAL.js allows you to use acquireTokenSilent() to use a valid cookie via hidden iframe.
That said, the recommended way to do this is by using Azure KMSI with custom policies. This is because browser-based applications don't always keep users logged in and things like password changes can invalidate a user session.
来源:https://stackoverflow.com/questions/51242142/msal-with-azure-ad-b2c-and-single-sign-on