
Example fdsso.config file for Azure Active Directory

Change log

FlexDeploy 6.0.0.1 - (Optional) AzureAdClient can be replaced with FlexAzureAdClient to opt in to using User avatars from Azure AD.
  • This includes updates to azureAdClient, ssoFilter.clients in the SSO config and the web redirect URI on the Azure application.

FlexDeploy 6.0.0.0 - The values for excludedPathMatcher.excludedPath and logout.defaultUrl have changed.

oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration
oidcConfig.clientId = APPLICATION(CLIENT)ID
oidcConfig.secret = CLIENTSECRET
oidcConfig.discoveryURI = https://login.microsoftonline.com/DIRECTORY(TENANT)ID/.well-known/openid-configuration
oidcConfig.useNonce = true
oidcConfig.tenant = DIRECTORY(TENANT)ID

azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
azureAdClient.configuration = $oidcConfig

clients.callbackUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback
clients.clients = $azureAdClient

isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = FlexAzureAdClient
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin

logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = true
logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/home

...
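A consistency check for the settings the 6.0.0.1 change-log entry says must be updated together, as an added example (not FlexDeploy or pac4j code). The rules are assumptions drawn from the sample config: the filter references the client by its simple class name, the tenant appears in the discovery URI, and the callback and logout URLs share one HTTPS origin. The sample values are constructed.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the page's settings with made-up values in place of the placeholders.
SAMPLE = """\
oidcConfig.discoveryURI = https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/.well-known/openid-configuration
oidcConfig.useNonce = true
oidcConfig.tenant = 11111111-2222-3333-4444-555555555555
azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
clients.callbackUrl = https://flexdeploy.example.com:8443/flexdeploy/callback
ssoFilter.clients = FlexAzureAdClient
logout.defaultUrl = https://flexdeploy.example.com:8443/flexdeploy/next/#/home
"""

PLACEHOLDER = re.compile(r"APPLICATION\(CLIENT\)ID|CLIENTSECRET|DIRECTORY\(TENANT\)ID|FLEXDEPLOYHOST|FLEXDEPLOYPORT")

def parse(text):
    """Parse 'key = value' lines; skip blanks, comments and [section] headers."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "[")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    p, out = parse(text), []
    for key, value in p.items():
        if PLACEHOLDER.search(value):
            out.append(f"{key}: placeholder not replaced")
    # Assumption: the filter names the client by its simple class name, as in the sample.
    simple = p.get("azureAdClient", "").rsplit(".", 1)[-1]
    if simple not in [c.strip() for c in p.get("ssoFilter.clients", "").split(",")]:
        out.append(f"ssoFilter.clients does not name {simple or 'a client'}")
    if p.get("oidcConfig.useNonce", "").lower() != "true":
        out.append("oidcConfig.useNonce is not true")
    tenant = p.get("oidcConfig.tenant", "")
    if not tenant or f"/{tenant}/" not in p.get("oidcConfig.discoveryURI", ""):
        out.append("oidcConfig.tenant does not match discoveryURI")
    cb, lo = urlparse(p.get("clients.callbackUrl", "")), urlparse(p.get("logout.defaultUrl", ""))
    if cb.scheme != "https":
        out.append("clients.callbackUrl is not https")
    if (lo.scheme, lo.netloc) != (cb.scheme, cb.netloc):
        out.append("logout.defaultUrl is on a different origin than clients.callbackUrl")
    return out
```

Pass the contents of fdsso.config to `lint()`; the web redirect URI registered on the Azure application still has to be compared with clients.callbackUrl by hand.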