This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(70.4, 31%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
Hello,
I have SAML based desktop app on Win10 box.
So I believe, I will NOT get help from MSAL library or WAM/broker
That’s fine because app can open the browser, redirect the user to the cloud-counterpart of the app to generate SAML-request and route the user to AAD to complete authentication.
AAD will send SAML-assertion to cloud-counterpart of the app to validate, generate some proprietary token for the desktop-app and finally the browser will relay it to the desktop-app.
This last point is where I am not sure how browser can invoke the desktop-app (step #8 and #9) and fade itself out so that desktop-app can now take the control and let the user in the app.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi @testuser7 , did you get this graphic from a document? If so can you please link it so I can read through it?
Best,
James
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 90%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAK%3C/text%3E%3C/svg%3E)
Hi, if the posted answer resolves your question, please mark it as the answer by clicking the check mark. Doing so helps others find answers to their questions.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 16%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHZ%3C/text%3E%3C/svg%3E)
Hi @testuser7 , I was wondering if you did find a solution for this problem ? Thanks
No, I created that graphic. I think the whole flow is very self-explanatory. Isn't it ?
Do you think the desktop app has to use some custom-url-scheme ??
Hi @testuser7 , I'm sorry but I'm not certain what you're asking about. Are you trying to understand how to build something like this or just understand how it works?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 80%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBA%3C/text%3E%3C/svg%3E)
Hi, @testuser7 have you found the solution to the last point, That is how the browser can invoke the desktop app (step #8 and #9) and fade itself out so that the desktop app can now take control and let the user in the app.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 63%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
I get what you are asking as it is good to know how to deal with the Windows App SAML piece, as SAML operates in web context - but the image is wrong and confusing some
The Desktop App "is" actually the SP (even if there is a web window) and it talks to the IdP directly, there is no redirect to the SP. I would put the Azure AD on the far right side.
Basically:
It is my understanding that the SAML web session should be able to set a value on the machine which can be validated by the windows app. This is basically what Outlook does with Modern Auth.
The following article looks like it is what you need if still and issue
https://kvonkonigslow.medium.com/integrating-a-saml-authenticated-service-with-a-net-desktop-application-using-webview2-b4b3a6c263da
Thanks. Will look into it.