Welcome Guest Search | Active Topics | Sign In | Register

Essential Objects Product Support Forum » All Products » Support » Agentless Desktop Single Sign-on

Agentless Desktop Single Sign-on Options
Previous Topic · Next Topic
Apttus X-Author
Posted: Thursday, June 8, 2023 3:49:55 PM
Rank: Member
Groups: Member

Joined: 4/18/2018
Posts: 13
Hi,

My customer utilizes the agentless Desktop Single Sign-on on windows using Okta. Here's the article to configure the same https://help.okta.com/en-us/Content/Topics/Directory/ad-dsso-configure-browsers.htm. We use EO.Browser to authenticate a user within our application. The kerberos popup is always thrown whenever a user tries to Single Sign On to their Directory. Is there a way to support agentless Desktop Single Sign-on using EO.Browser with similar configuration provided in the above article?
Back to top
 
eo_support
Posted: Monday, June 12, 2023 3:08:36 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,088
Hi,

Have you tried to set Engine.ExtraCommandLineArgs to something like this:

EO.WebEngine.EngineOptions.Default.ExtraCommandLineArgs = "auth-server-allowlist=org.kerberos.okta.com";

This is equvalent to the registry setting used by Chrome browser. Make sure you set this before the browser engine starts (before any WebView is created). For example, with TabbedBrowser sample application, you can set it in App.xaml.cs before the main window is created.

Thanks!
Back to top
 
Apttus X-Author
Posted: Wednesday, June 14, 2023 12:47:54 PM
Rank: Member
Groups: Member

Joined: 4/18/2018
Posts: 13
Thank you for the suggestion. We've reached out to the customer for a hands on session to validate the same.
Back to top
 
Apttus X-Author
Posted: Thursday, July 13, 2023 3:51:39 PM
Rank: Member
Groups: Member

Joined: 4/18/2018
Posts: 13
Hi Support Team,

We worked with the customer to include the command line as suggested, but still get the Kerberos login dialog.

EO.WebEngine.EngineOptions.Default.ExtraCommandLineArgs = "auth-server-allowlist=org.kerberos.okta.com";
(org replaced with customer domain name as configured in their registry)

Is the name of the setting correct? "auth-server-allowlist"? Or should it be "AuthServerAllowlist" as one single word?
Back to top
 
eo_support
Posted: Thursday, July 13, 2023 4:03:56 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,088
Hi,

My apology. Can you try

Code:
--auth-server-allowlist=org.kerberos.okta.com


Instead of:

Code:
auth-server-allowlist=org.kerberos.okta.com


Note the two additional leading "-"s.

Thanks!
Back to top
 
Apttus X-Author
Posted: Tuesday, July 18, 2023 10:20:02 AM
Rank: Member
Groups: Member

Joined: 4/18/2018
Posts: 13
Hi

Customer has confirmed that --auth-server-allowlist=org.kerberos.okta.com setting works fine and the Kerberos dialog is not shown. Thank you so the solution.

Also, using either the below code should be fine, correct?

Code: C# 
EO.WebBrowser.Runtime.DefaultEngineOptions.ExtraCommandLineArgs = "--auth-server-allowlist=org.kerberos.okta.com";

OR
Code: C# 
EO.WebEngine.EngineOptions.Default.ExtraCommandLineArgs = "--auth-server-allowlist=org.kerberos.okta.com";
Back to top
 
eo_support
Posted: Tuesday, July 18, 2023 10:37:46 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,088
Thanks for confirming that it works. Yes. These two are exactly the same. Runtime.DefaultEngineOptions is a shortcut for EngineOptions.Default for backwards compatiblity reasons.
Back to top
 


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.