Microsoft has at times indicated that the Azure Graph services will be retired. This implementation uses them. Consider using Azure AD SAML 2.0 SSO instead.

Change log

• FlexDeploy 6.0.0.1 - (Optional) AzureAdClient should now be replaced with FlexAzureAdClient to opt in to using User avatars from Azure AD.

  • This includes updates to azureAdClient, ssoFilter.clients in the sso config and the web redirect uri on the Azure application.

• FlexDeploy 6.0.0.0 - The values for callbackFilter.defaultUrl, excludedPathMatcher.excludedPath and logout.defaultUrl have changed

callbackFilter.defaultUrl = /flexdeploy/next/#/home
oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration
oidcConfig.clientId = APPLICATION(CLIENT)IDe
oidcConfig.secret = CLIENTSECRET
oidcConfig.discoveryURI = https://login.microsoftonline.com/DIRECTORY(TENANT)ID/.well-known/openid-configuration
oidcConfig.useNonce = true
oidcConfig.tenant = DIRECTORY(TENANT)ID

azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
azureAdClient.configuration = $oidcConfig

clients.callbackUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback
clients.clients = $azureAdClient

isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = FlexAzureAdClient
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin

logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = true
logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/home