Microsoft has indicated that the Azure AD Graph services will be retired, and this implementation depends on them. Consider using Azure AD SAML 2.0 SSO instead.

Replace the capitalized placeholders below with the values from your Azure App Registration and your FlexDeploy installation:

  • APPLICATION(CLIENT)ID

  • CLIENTSECRET

  • DIRECTORY(TENANT)ID

  • FLEXDEPLOYHOST

  • FLEXDEPLOYPORT

Example fdsso.config file for Azure Active Directory

Change log

  • FlexDeploy 6.0.0.1 - (Optional) AzureAdClient should now be replaced with FlexAzureAdClient to opt in to user avatars from Azure AD.

    • This changes the azureAdClient class and the ssoFilter.clients name in the SSO config, and the Web redirect URI on the Azure application.

  • FlexDeploy 6.0.0.0 - The values for excludedPathMatcher.excludedPath and logout.defaultUrl have changed.

# OIDC provider settings for the Azure AD tenant.
oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration
oidcConfig.clientId = APPLICATION(CLIENT)ID
oidcConfig.secret = CLIENTSECRET
# Discovery document published by the tenant; the tenant ID in this URL must match oidcConfig.tenant.
oidcConfig.discoveryURI = https://login.microsoftonline.com/DIRECTORY(TENANT)ID/.well-known/openid-configuration
# Send a nonce in the authentication request and verify it in the ID token (replay protection); leave enabled.
oidcConfig.useNonce = true
oidcConfig.tenant = DIRECTORY(TENANT)ID

# FlexAzureAdClient (FlexDeploy 6.0.0.1 and later) replaces AzureAdClient and adds Azure AD user avatars.
azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
azureAdClient.configuration = $oidcConfig

# URL Azure AD redirects back to after login; must be https and must match the Web redirect URI on the App Registration.
clients.callbackUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback
clients.clients = $azureAdClient

# Require an authenticated user everywhere except the login page itself.
isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
# Client name used by the filter; pac4j defaults a client's name to its simple class name.
ssoFilter.clients = FlexAzureAdClient
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin

# Log out of FlexDeploy (local) and of Azure AD (central), then return to the home page.
logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = true
logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/home

Register the application in Azure Active Directory:

  • Create an App Registration in Azure Active Directory.

  • Capture the Application (client) ID and Directory (tenant) ID from the App Registration overview; these become APPLICATION(CLIENT)ID and DIRECTORY(TENANT)ID.

  • Create a client secret and capture its value when it is shown; it becomes CLIENTSECRET and cannot be read back from the portal afterwards.

  • Under Authentication, add a Web redirect URI that matches clients.callbackUrl in fdsso.config (https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback). Azure AD rejects the login if the redirect URI sent by FlexDeploy does not match a registered one exactly.

Here is how URL values are configured on Azure App Registration (screenshot not included in this version of the page).
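The following Python script is an added example, not FlexDeploy's or pac4j's own code. It checks a filled-in fdsso.config against the points above: placeholders replaced, the tenant consistent between discoveryURI and oidcConfig.tenant, useNonce on, an https callback that matches the App Registration's Web redirect URI, the ssoFilter.clients name matching the client class, and logout.defaultUrl on the same origin as the callback. The sample configs, host name, GUIDs and redirect URI are constructed for the example; accepting a `?client_name=...` suffix on the redirect URI is an assumption about pac4j's default callback URL handling.

```python
"""Sanity checks for the Azure AD section of a FlexDeploy fdsso.config.

Added example (not FlexDeploy's or pac4j's code). Sample configs below are
constructed; the redirect URI stands in for the one captured from Azure.
"""
import re
from urllib.parse import urlsplit

# Capitalized placeholders from the documentation that must be replaced.
PLACEHOLDERS = ("APPLICATION(CLIENT)ID", "CLIENTSECRET", "DIRECTORY(TENANT)ID",
                "FLEXDEPLOYHOST", "FLEXDEPLOYPORT")
DISCOVERY_RE = re.compile(
    r"^https://login\.microsoftonline\.com/([^/]+)/\.well-known/openid-configuration$")


def parse_config(text):
    """Parse 'key = value' lines into a dict; '#' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def check_config(text, azure_redirect_uri):
    """Return a list of findings; an empty list means every check passed."""
    p = parse_config(text)
    findings = []

    for key, value in p.items():
        for ph in PLACEHOLDERS:
            if ph in value:
                findings.append(f"{key}: placeholder {ph} not replaced")

    m = DISCOVERY_RE.match(p.get("oidcConfig.discoveryURI", ""))
    if not m:
        findings.append("oidcConfig.discoveryURI: not an https login.microsoftonline.com discovery URL")
    elif m.group(1) != p.get("oidcConfig.tenant"):
        findings.append("oidcConfig.tenant: does not match the tenant in discoveryURI")

    # The nonce ties the ID token to this authentication request (replay protection).
    if p.get("oidcConfig.useNonce", "").lower() != "true":
        findings.append("oidcConfig.useNonce: must be true")

    # Reference wiring: clients.clients -> $azureAdClient -> $oidcConfig.
    client_ref = p.get("clients.clients", "").lstrip("$")
    client_class = p.get(client_ref, "")
    client_name = client_class.rsplit(".", 1)[-1]  # pac4j default client name: simple class name
    if not client_class:
        findings.append("clients.clients: does not reference a defined client")
    else:
        if p.get(f"{client_ref}.configuration", "").lstrip("$") not in p:
            findings.append(f"{client_ref}.configuration: does not reference a defined configuration")
        if p.get("ssoFilter.clients") != client_name:
            findings.append(f"ssoFilter.clients: must be the client name {client_name!r}")

    # Callback: https only, and it must be the Web redirect URI on the App Registration.
    # Assumption: pac4j may append ?client_name=<name> to the callback URL, so both forms are accepted.
    cb = p.get("clients.callbackUrl", "")
    if urlsplit(cb).scheme != "https":
        findings.append("clients.callbackUrl: must use https")
    if azure_redirect_uri not in (cb, f"{cb}?client_name={client_name}"):
        findings.append("clients.callbackUrl: does not match the App Registration redirect URI")

    # After logout the browser should land on the same origin the callback uses.
    lo, cbp = urlsplit(p.get("logout.defaultUrl", "")), urlsplit(cb)
    if (lo.scheme, lo.netloc) != (cbp.scheme, cbp.netloc):
        findings.append("logout.defaultUrl: origin differs from clients.callbackUrl")
    return findings


# Constructed sample: fully filled in (GUIDs and host are made up).
GOOD_CONFIG = """
oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration
oidcConfig.clientId = aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
oidcConfig.secret = example-client-secret
oidcConfig.discoveryURI = https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/.well-known/openid-configuration
oidcConfig.useNonce = true
oidcConfig.tenant = 11111111-2222-3333-4444-555555555555
azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
azureAdClient.configuration = $oidcConfig
clients.callbackUrl = https://flexdeploy.example.com:8000/flexdeploy/callback
clients.clients = $azureAdClient
ssoFilter.clients = FlexAzureAdClient
logout.defaultUrl = https://flexdeploy.example.com:8000/flexdeploy/next/#/home
"""

# Constructed sample: placeholders left in, nonce off, http callback, stale client name.
BAD_CONFIG = """
oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration
oidcConfig.clientId = APPLICATION(CLIENT)ID
oidcConfig.secret = CLIENTSECRET
oidcConfig.discoveryURI = https://login.microsoftonline.com/DIRECTORY(TENANT)ID/.well-known/openid-configuration
oidcConfig.useNonce = false
oidcConfig.tenant = DIRECTORY(TENANT)ID
azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
azureAdClient.configuration = $oidcConfig
clients.callbackUrl = http://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback
clients.clients = $azureAdClient
ssoFilter.clients = AzureAdClient
logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/home
"""

# Constructed value standing in for the Web redirect URI captured from the App Registration.
REDIRECT_URI = "https://flexdeploy.example.com:8000/flexdeploy/callback"

if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, check_config(cfg, REDIRECT_URI) or ["ok"])
```

Run it against your own fdsso.config by reading the file into `check_config` and passing the redirect URI exactly as it appears under Authentication on the App Registration; any finding printed is something Azure AD or pac4j will reject or that weakens the flow.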