I've configured a DMA to authenticate through AzureAD via SAML.
This works fine, but I have some questions:
- For the web apps, I can force the authentication popup to be shown again by deleting the microsoftonline.com cookies. Cube however keeps automatically logging the user in, after an initial successful authentication. Where is that 'session data' stored, and how can I remove it to force the user to authenticate again?
- In case the user authenticates in Windows with the same AzureAD account, do we support single sign-on (SSO) for that account in DataMiner, similar as we do for a classic ActiveDirectory account?
Thanks!
Hi Ruben,
You can manually clear the Cube browser caches by closing all open Cube applications and deleting these folders:
%LocalAppData%\Skyline\DataMiner\DataMinerCube\CefSharp\UserCache
%LocalAppData%\Skyline\DataMiner\DataMinerCube\Edge\Data
This removes all cookie and session data and will make you go through the entire authentication process again.
A true single-sign-on experience where the user does not need to do anything to be authenticated for the first time is technically possible (depending on whether AzureAD allows this (*)) but is currently not enabled in Cube as a security measure. This could be made available as an option or even the default.
(*) This requires that the user has already authenticated on AzureAD in the system browser at some point. You can already check if this works for the Mobile webapps if you open them in the Edge browser.