openanalytics / shinyproxy

ShinyProxy - Open Source Enterprise Deployment for Shiny and data science apps
https://www.shinyproxy.io
Apache License 2.0

Embedded ShinyProxy Multiple Microsoft Account Authentication Issue with Azure B2C #381

Open nik-humphries opened 2 years ago

nik-humphries commented 2 years ago

This might be a question for the containerproxy repo.

We are using Azure B2C for our authentication currently, and also embedding ShinyProxy within an iFrame due to a quirk of how we want to deliver. A user authenticates in a parent frame to begin a session, and then this session is recognised in SP as SSO in the iFrame and everything works. This doesn't work however if a user is logged in to more than one Microsoft account (or if for some reason the Microsoft prompt decides to appear), as a dialogue will attempt to be shown to pick which Microsoft account you want to use. login.microsoftonline.com cannot be embedded which means you cannot access SP via this route.

We tried something to do with favoured sessions or something like that that didn't work. The suggested solution online is to have the account picker / login.microsoftonline.com appear in a pop up window so that it is not in a frame.

Is this something that has been come across before / is there a suggested work around or solution for this? I've done some googling on auth popups with thymeleaf security but haven't found anything useful yet.

LEDfan commented 2 years ago

Hi

This is an interesting issue for which I don't immediately have a solution.

Maybe you can try implementing the pop up window workaround on the parent site? For example, using AJAX, perform a request to ShinyProxy. If it succeeds, you can embed ShinyProxy and finish the login procedure. If not, you can open a popup, let the user log in and close the popup afterwards.

I'm not sure if this is something we could/should implement in ShinyProxy, although I'll try to come up with a solution.
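
The parent-site workaround suggested in the comment above, sketched as an added example (it is not part of the thread and not ShinyProxy code): probe for a session, embed if one exists, otherwise open the login in a popup and re-probe until the session appears. The URL, the `sp-frame` element id and all function names are placeholders. It assumes ShinyProxy allows credentialed cross-origin requests from the parent origin and redirects unauthenticated requests to the identity provider.

```javascript
// Added example: URL, element id and function names are assumptions.
const SHINYPROXY_URL = "https://shinyproxy.example.com/"; // placeholder

// With redirect: "manual", a redirect to the identity provider comes back as
// an opaque redirect instead of being followed, which signals "no session".
function classifyProbe(res) {
  if (res.type === "opaqueredirect" || res.status === 401 || res.status === 403) {
    return "login-required";
  }
  return res.ok ? "authenticated" : "error";
}

async function probeSession(fetchFn, url) {
  try {
    return classifyProbe(await fetchFn(url, { credentials: "include", redirect: "manual" }));
  } catch (e) {
    return "error"; // network failure or CORS rejection
  }
}

// env supplies fetch, openPopup, embed and sleep so the flow is testable.
async function embedWithPopupLogin(env, url, { pollMs = 1000, maxPolls = 120 } = {}) {
  let state = await probeSession(env.fetch, url);
  if (state === "error") return "error";
  if (state === "login-required") {
    const popup = env.openPopup(url); // top-level window, so the IdP is not framed
    if (!popup) return "popup-blocked";
    for (let i = 0; i < maxPolls; i++) {
      await env.sleep(pollMs);
      state = await probeSession(env.fetch, url);
      if (state === "authenticated" || popup.closed) break;
    }
    if (!popup.closed) popup.close();
    if (state !== "authenticated") return "login-failed";
  }
  env.embed(url);
  return "embedded";
}

if (typeof window !== "undefined") { // browser wiring; skipped elsewhere
  embedWithPopupLogin({
    fetch: (u, o) => fetch(u, o),
    openPopup: (u) => window.open(u, "sp-login", "popup,width=520,height=640"),
    embed: (u) => { document.getElementById("sp-frame").src = u; },
    sleep: (ms) => new Promise((r) => setTimeout(r, ms)),
  }, SHINYPROXY_URL);
}
```

Triggering the flow from a click handler keeps `window.open` inside a user gesture, so popup blockers are less likely to return `null`.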