Azure Active Directory (SAML 2.0)

Here are the steps to set up SAML 2.0 SSO with Azure Active Directory:

Log in to portal.azure.com.

Go to Azure Active Directory.

Create a new Enterprise Application.

Create your own custom application.

Give a name, choose Integrate any other application, and click Create.

You will be on the Overview Page. You can copy the application ID now, as you will need it in a few minutes.

Then click the Get started link in Set up single sign on.

Edit the Basic SAML Configuration.

Fill in the Identifier (Entity ID) and the Reply URL, Relay State, and Logout URL.


Download the certificate and install it in a keystore. The keystore will be specified in the sso.config file.

Also copy the App Federation Metadata Url. You will need this in the sso.config file.


In the configuration below, replace the capitalized placeholders with the values for your environment.

  • FLEXDEPLOY_HOME - Directory on the server where FlexDeploy is installed

  • KEYSTORE_PASSWORD - The Java key store password.

  • PRIVATE_KEY_PASSWORD - The private key password.

  • METADATA_URL - The App Federation Metadata Url (e.g. https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>).

  • FLEXDEPLOY_HOST - FlexDeploy application host

  • FLEXDEPLOY_PORT - FlexDeploy application port

Example fdsso.config file for Azure Active Directory

callbackFilter.defaultUrl = /flexdeploy

saml2Config = org.pac4j.saml.config.SAML2Configuration
saml2Config.keystorePath =
saml2Config.keystorePassword = KEYSTORE_PASSWORD
saml2Config.privateKeyPassword = PRIVATE_KEY_PASSWORD
saml2Config.identityProviderMetadataPath = https://login.microsoftonline.com/62968...26eb/federationmetadata/2007-06/federationmetadata.xml?appid=9...64
saml2Config.maximumAuthenticationLifetime = 76000
saml2Config.serviceProviderEntityId = spn:<Application ID>
saml2Config.serviceProviderMetadataPath = /u01/flexdeploy/apache-tomcat-flexdeploy/sso/FlexDeployMetadata.xml

saml2Client = org.pac4j.saml.client.SAML2Client
saml2Client.configuration = $saml2Config

clients.callbackUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy/callback
clients.clients = $saml2Client

isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer

excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /faces/login.jsf

config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher

ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = SAML2Client
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin

logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = false
logout.defaultUrl = https://FLEXDEPLOY_HOST:FLEXDEPLOY_PORT/flexdeploy
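As an added check that is not part of FlexDeploy or this guide: a small Python script that parses the federation metadata document behind the App Federation Metadata Url (the value used for identityProviderMetadataPath) and confirms that the signing certificate Azure AD publishes matches the thumbprint of the certificate you downloaded and imported into the keystore, so a rotated certificate is noticed before logins start failing. The embedded metadata is a constructed sample with dummy certificate bytes and a placeholder tenant id, and the function names are my own.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: dummy bytes stand in for the DER certificate and the
# tenant id is a placeholder; the element layout matches Azure AD metadata.
SAMPLE_CERT_DER = b"dummy-der-bytes-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{base64.b64encode(SAMPLE_CERT_DER).decode()}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def fingerprint(der: bytes) -> dict:
    """SHA-1 (what the Azure portal shows) and SHA-256 thumbprints of a DER cert."""
    return {"sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO endpoints by binding, and signing-cert thumbprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    sso = {e.get("Binding").rsplit(":", 1)[-1]: e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing and encryption
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            certs.append(fingerprint(base64.b64decode("".join(c.text.split()))))
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}

def check_metadata(meta: dict, expected_sha1: str) -> list:
    """Findings to resolve before trusting the metadata: HTTPS endpoints only, and a
    published signing cert matching the thumbprint of the cert in the keystore."""
    findings = [f"{b} endpoint is not https: {u}" for b, u in meta["sso"].items()
                if not u.startswith("https://")]
    if not meta["signing_certs"]:
        findings.append("no signing certificate published")
    elif expected_sha1.upper() not in {c["sha1"] for c in meta["signing_certs"]}:
        findings.append("signing certificate thumbprint changed; re-import it into the keystore")
    return findings
```

Run it against the live metadata URL on a schedule and alert on any non-empty result from check_metadata; Azure AD rotates signing certificates, and the keystore has to be updated before the old one expires.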

