MSAL Single Sign On Authentication

Product: PowerShell Universal
Version: 1.4.6

I’ve written a frontend that passes MS token to the PowerShell backend in the header of the request. It uses Microsoft portal single sign on (MSAL). I’m trying to then authenticate by bouncing that token to Azure AD. Do I have to do the OpenID Connect configuration (OpenID Connect - PowerShell Universal) or do I authenticate by calling a function like:

> Connect-AzureAD -MsAccessToken $token

If I understand correctly, this is not currently supported. I believe that the Connect-AzAccount (using the newer, AZ modules) cmdlet supports SSO, in that the user running the PowerShell instance, if an AAD user, can be used to sign in non-interactively.

The tokens, however, I do not believe are the same token you’re trying to pass. This StackOverflow discussion may be of some help (though this is definitely a bit of a difficult topic to find much info on, as I’ve also gone down this rabbit hole).

Based on everything I’ve read, you’d find much more success passing a secure credential object into PS, and logging in with the cmdlet using the credential.

Thanks for that! I’m not sure I want to use the PSCredential object because it will mean that I’m sending credentials from the frontend to the back, which I want to try to avoid. I’ll look into the resources you sent :).
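As an added illustration of the approach the original poster is after (a backend that checks the token from the request header itself, so no credentials travel from the frontend), here is a PowerShell script that is not part of this thread or of PowerShell Universal. It validates a bearer JWT the way an API should: pinned algorithm, signature against the tenant's published signing keys, then issuer, audience and time checks. Everything is constructed so it runs offline: a locally generated RSA key stands in for the tenant key, and the tenant id and app id are placeholders. In a real deployment the `$Jwks` array is fetched (and cached) from the `jwks_uri` published at `https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration`, and `$ExpectedAudience` is the backend's own app registration, not Microsoft Graph. The function and helper names are this example's own.

```powershell
# Added example (not from the thread or PowerShell Universal): validate a bearer JWT
# from the Authorization header before trusting any claim in it. The signing key,
# tenant id, app id and tokens below are CONSTRUCTED placeholders so the script runs offline.

function ConvertFrom-Base64Url {
    param([string]$Value)
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) { 2 { $s += '==' } 3 { $s += '=' } }
    return [Convert]::FromBase64String($s)
}

function ConvertTo-Base64Url {
    param([byte[]]$Bytes)
    return [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

function Test-AadAccessToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][object[]]$Jwks,            # JWK entries (kid, n, e) from the tenant's jwks_uri
        [Parameter(Mandatory)][string]$ExpectedIssuer,
        [Parameter(Mandatory)][string]$ExpectedAudience   # the backend's OWN app id URI / client id
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { return @{ Valid = $false; Reason = 'malformed token' } }
    try {
        $header  = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[0])) | ConvertFrom-Json
        $payload = [Text.Encoding]::UTF8.GetString((ConvertFrom-Base64Url $parts[1])) | ConvertFrom-Json
    } catch { return @{ Valid = $false; Reason = 'undecodable token' } }

    # Pin the algorithm: the token's own header must not be allowed to pick 'none' or an HMAC variant.
    if ($header.alg -cne 'RS256') { return @{ Valid = $false; Reason = "unexpected alg '$($header.alg)'" } }
    $key = $Jwks | Where-Object { $_.kid -eq $header.kid } | Select-Object -First 1
    if (-not $key) { return @{ Valid = $false; Reason = 'unknown signing key (kid)' } }

    # Rebuild the public key from the JWK modulus/exponent and verify RS256 over "header.payload".
    $rsa = [System.Security.Cryptography.RSA]::Create()
    $p = New-Object System.Security.Cryptography.RSAParameters
    $p.Modulus  = ConvertFrom-Base64Url $key.n
    $p.Exponent = ConvertFrom-Base64Url $key.e
    $rsa.ImportParameters($p)
    $signedBytes = [Text.Encoding]::ASCII.GetBytes($parts[0] + '.' + $parts[1])
    $ok = $rsa.VerifyData($signedBytes, (ConvertFrom-Base64Url $parts[2]),
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    if (-not $ok) { return @{ Valid = $false; Reason = 'signature verification failed' } }

    # A valid signature is not enough: the token must be for THIS backend, from THIS tenant, and current.
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if ($payload.iss -cne $ExpectedIssuer)   { return @{ Valid = $false; Reason = 'wrong issuer' } }
    if ($payload.aud -cne $ExpectedAudience) { return @{ Valid = $false; Reason = 'wrong audience' } }
    if (-not $payload.exp -or $payload.exp -le $now) { return @{ Valid = $false; Reason = 'expired' } }
    if ($payload.nbf -and $payload.nbf -gt $now)     { return @{ Valid = $false; Reason = 'not yet valid' } }
    return @{ Valid = $true; Claims = $payload }
}

# ---- constructed fixture: a local key and mint helper standing in for Azure AD (never part of a real backend) ----
$signer   = [System.Security.Cryptography.RSA]::Create(2048)
$pub      = $signer.ExportParameters($false)
$jwks     = @(@{ kid = 'test-key-1'; kty = 'RSA'; n = (ConvertTo-Base64Url $pub.Modulus); e = (ConvertTo-Base64Url $pub.Exponent) })
$issuer   = 'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0'  # placeholder tenant id
$audience = 'api://00000000-0000-0000-0000-000000000001'                                    # placeholder backend app id
$now      = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()

function New-SignedTestToken {
    param([hashtable]$Claims, [string]$Kid)
    $h   = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes((@{ alg = 'RS256'; typ = 'JWT'; kid = $Kid } | ConvertTo-Json -Compress)))
    $b   = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes(($Claims | ConvertTo-Json -Compress)))
    $sig = $signer.SignData([Text.Encoding]::ASCII.GetBytes($h + '.' + $b),
        [System.Security.Cryptography.HashAlgorithmName]::SHA256,
        [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
    return ($h + '.' + $b + '.' + (ConvertTo-Base64Url $sig))
}

# 1. A token minted for this backend passes.
$good = New-SignedTestToken -Kid 'test-key-1' -Claims @{ iss = $issuer; aud = $audience; sub = 'user@example.test'; nbf = $now - 60; exp = $now + 3600 }
(Test-AadAccessToken -Token $good -Jwks $jwks -ExpectedIssuer $issuer -ExpectedAudience $audience).Valid      # True

# 2. A token the frontend obtained for Microsoft Graph (the kind Connect-AzureAD -MsAccessToken consumes)
#    carries a valid signature but the wrong audience, so the backend must not treat it as its own login.
$graph = New-SignedTestToken -Kid 'test-key-1' -Claims @{ iss = $issuer; aud = 'https://graph.microsoft.com'; exp = $now + 3600 }
(Test-AadAccessToken -Token $graph -Jwks $jwks -ExpectedIssuer $issuer -ExpectedAudience $audience).Reason     # wrong audience

# 3. A payload rewritten after signing (sub changed, original signature kept) fails verification.
$parts        = $good.Split('.')
$forgedClaims = ConvertTo-Base64Url ([Text.Encoding]::UTF8.GetBytes((@{ iss = $issuer; aud = $audience; sub = 'other@example.test'; exp = $now + 3600 } | ConvertTo-Json -Compress)))
$forged       = $parts[0] + '.' + $forgedClaims + '.' + $parts[2]
(Test-AadAccessToken -Token $forged -Jwks $jwks -ExpectedIssuer $issuer -ExpectedAudience $audience).Reason    # signature verification failed
```

Two points a practitioner should carry over from this: the `aud` check is what keeps a token issued for one resource (Graph, in the thread's case) from being replayed as a login to another, and the expected issuer depends on the token version the app registration is configured for (`https://login.microsoftonline.com/{tenant}/v2.0` for v2.0 tokens, `https://sts.windows.net/{tenant}/` for v1.0), so compare against the `issuer` value published in the tenant's OpenID configuration rather than a hard-coded string.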
