issues with AD Auth on android devices

Answered
Craig Button asked on December 14, 2022

Hello,
There seems to be an issue on android devices where the login prompt for AD Authentication will repeatably popup making it impossible to type into.
Also the site we host this on already requires AD Authentication so is there a way of passing this to Flexmonster instead of Flexmonster asking for the login again?
Kind regards,
Craig Button

7 answers

Public
Solomiia Andrusiv Solomiia Andrusiv Flexmonster December 15, 2022

Hello, Craig!
 
Thank you for reaching out to us.
 
Could you please confirm if our assumptions about the case are right:

  1. You are connecting to the cube using Flexmonster Accelerator.
  2. In the described case, Windows Authentication is used along with the withCredentials property enabled.

This information would help us greatly to continue the investigation.
 
Looking forward to hearing from you.
 
Regards,
Solomiia

Public
Craig Button December 16, 2022

Thanks for the reply.
1.We are using Flexmonster Accelerator.
2.We are doing that but on devices that are not signed into AD e.g. a mobile device. The prompt will come up again even though they are signed into the site. This is not a problem for AD devices such as a desktop as they just re-authenticate against Flexmonster.
 

Public
Solomiia Andrusiv Solomiia Andrusiv Flexmonster December 16, 2022

Hello, Craig!
 
Thank you for the provided details about your use case.
 
The described behavior with authorization pop-ups seems to us as a specific behavior of Android on mobile devices combined with the way the authorization is handled.
 
As a possible alternative, we kindly suggest using requestHeaders to handle the authorization.

The idea lies in the following:
 
The requestHeaders property of the dataSource object allows sending credentials with the data request:

dataSource: {
      type: "microsoft analysis services",
      //other connection properties,
      binary: true,
      requestHeaders: {
        "Authorization": "XXXX",
      }
  }

This way, instead of directly connecting to Flexmonster Accelerator, you can connect to the reversed-proxy server. This server would check the authorization token and redirect the request to Accelerator if authorization is successful or reject it if not.
 
Hope you will find our answer helpful.
Feel free to contact us if any other questions arise.
 
Regards,
Solomiia

Public
Craig Button December 16, 2022

Hello Solomiia,
We aren't using any proxies so I'm not sure this will work. 
Also are you expecting this to be credentials created in Flexmonster or still AD because we require AD Credentials.
Kind regards,
Craig Button

Public
Solomiia Andrusiv Solomiia Andrusiv Flexmonster December 19, 2022

Hello, Craig!
 
Thank you for your reply.
 
Kindly note that Flexmonster itself does not handle any authorizations. With using withCredentials: true Flexmonster only initialize the authorization process on the other side. That's why we think the described behavior with authorization pop-ups seems to us as a specific behavior of Android on mobile devices combined with the way the authorization is handled.
 
We have recommended implementing a reverse-proxy server, as the Accelerator could only check the Authorization token passed in an open way. With your own reverse-proxy server, you can use the AD credentials as well as any other. The server should check if the credentials are correct and then redirect the request to Flexmonster Accelerator or reject it.
 
We hope it helps.
Feel free to contact us in case of any other questions.
 
Regards,
Solomiia

Public
Craig Button December 19, 2022

Thanks Solomiia.
Kind regards,
Craig Button

Public
Solomiia Andrusiv Solomiia Andrusiv Flexmonster December 20, 2022

Hello, Craig!

Thank you for your response.

You are welcome to contact us in case of any other questions.

Regards,
Solomiia

Please login or Register to Submit Answer