Windows single sign-on Setup

How do I set up AD authentication in HTML5? Could you please give some examples of configuration files? Thank you.

It is enough to set up IIS Windows Authentication with the latest versions of ORIGAM (master). A Windows button will appear under the login box. Clicking on it will use the current user’s Windows login to authenticate.

I enabled IIS Windows Authentication and the button appeared. When I click the button, an error page is shown with a different URL: instead of https://localhost/, it is rewritten to https://localhost/External/Callback and an HTTP error is thrown: This localhost page can’t be found.

Is there a way to log in automatically with Windows credentials without clicking the button?
Thank you!

You actually have to create a record in the OrigamUser table for each user. The password can be an empty string (not NULL).

In order to automatically create the records you can use this trigger:

SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author:		Advantage Solutions, s. r. o.
-- Create date: 25.3.2021
-- Description:	Creates OrigamUser record for 
-- a newly assigned user so he can login with 
-- Windows auth.
-- =============================================
CREATE TRIGGER dbo.CreateOrigamUser 
   ON  dbo.BusinessPartner 
   AFTER INSERT,UPDATE
AS 
BEGIN
	SET NOCOUNT ON;
	-- "inserted" holds one row per affected BusinessPartner, so a multi-row
	-- INSERT/UPDATE must be handled set-based, not through scalar variables.
	-- Create the login record for every partner that has a UserName
	-- and no OrigamUser record yet.
	INSERT INTO OrigamUser (Id, refBusinessPartnerId, 
		UserName, Password, IsLockedOut, FailedPasswordAttemptCount, 
		EmailConfirmed, Is2FAEnforced)
	SELECT newid(), i.Id, i.UserName, '', 0, 0, 1, 0
	FROM inserted i
	WHERE i.UserName IS NOT NULL and NOT EXISTS 
		(select * from OrigamUser where refBusinessPartnerId = i.Id)
	-- Remove the login record of every partner whose UserName was cleared.
	DELETE FROM OrigamUser where refBusinessPartnerId IN 
		(select Id from inserted where UserName IS NULL)
END
GO
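
An added example, not part of the original post or of ORIGAM: the trigger above fires only on INSERT/UPDATE statements issued after it is created, and it never updates an existing OrigamUser row, so the two tables can disagree. This T-SQL script assumes only the table and column names visible in the trigger; it reports the mismatches and backfills the missing records.

```sql
-- Added example: reconcile OrigamUser with BusinessPartner.
-- Assumption: only the tables and columns used by the trigger above exist as shown.
SET NOCOUNT ON;

-- 1. Partners with a UserName but no login record: Windows login will fail for them.
SELECT bp.Id, bp.UserName
FROM dbo.BusinessPartner AS bp
WHERE bp.UserName IS NOT NULL
  AND NOT EXISTS (SELECT 1 FROM OrigamUser AS ou
                  WHERE ou.refBusinessPartnerId = bp.Id);

-- 2. Stale login records: the partner is gone or its UserName was cleared,
--    but an OrigamUser row still exists.
SELECT ou.Id, ou.UserName, ou.refBusinessPartnerId
FROM OrigamUser AS ou
LEFT JOIN dbo.BusinessPartner AS bp ON bp.Id = ou.refBusinessPartnerId
WHERE bp.Id IS NULL OR bp.UserName IS NULL;

-- 3. UserName drift: the trigger does not propagate a renamed UserName.
SELECT ou.Id, ou.UserName AS OrigamUserName, bp.UserName AS PartnerUserName
FROM OrigamUser AS ou
JOIN dbo.BusinessPartner AS bp ON bp.Id = ou.refBusinessPartnerId
WHERE ou.UserName <> bp.UserName;

-- 4. Partners with more than one login record.
SELECT refBusinessPartnerId, COUNT(*) AS LoginRecords
FROM OrigamUser
GROUP BY refBusinessPartnerId
HAVING COUNT(*) > 1;

-- 5. Backfill the records from query 1, using the same values as the trigger.
BEGIN TRANSACTION;
INSERT INTO OrigamUser (Id, refBusinessPartnerId,
    UserName, Password, IsLockedOut, FailedPasswordAttemptCount,
    EmailConfirmed, Is2FAEnforced)
SELECT NEWID(), bp.Id, bp.UserName, '', 0, 0, 1, 0
FROM dbo.BusinessPartner AS bp
WHERE bp.UserName IS NOT NULL
  AND NOT EXISTS (SELECT 1 FROM OrigamUser AS ou
                  WHERE ou.refBusinessPartnerId = bp.Id);
SELECT @@ROWCOUNT AS CreatedOrigamUsers;
COMMIT TRANSACTION;
```

Review the rows returned by queries 2 to 4 before changing them; the script itself only inserts the missing records.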

Thank you for the script. I think there is a little bug - the SELECT in the first condition should be: select * from OrigamUser where refBusinessPartnerId = @id
This removes the HTTP error.
Is there a way to bypass the login screen (no button clicking) and directly use Windows credentials to log in to the application like in the Flash version?

This is the only way to use external logins currently.

9 posts were split to a new topic: Windows SSO keeps asking for credentials