Azure Active Directory (OpenId Connect)
Microsoft has at times indicated that the Azure Graph services will be retired. This implementation uses them. Consider using Azure AD SAML 2.0 SSO instead.
Replace capitalized text with appropriate values.
APPLICATION(CLIENT)ID
CLIENTSECRET
DIRECTORY(TENANT)ID
FLEXDEPLOYHOST
FLEXDEPLOYPORT
Example fdsso.config file for Azure Active Directory
Notes
AzureAdClient can be replaced with FlexAzureAdClient to opt in to using User avatars from Azure AD.
oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration
oidcConfig.clientId = APPLICATION(CLIENT)ID
oidcConfig.secret = CLIENTSECRET
oidcConfig.discoveryURI = https://login.microsoftonline.com/DIRECTORY(TENANT)ID/.well-known/openid-configuration
oidcConfig.useNonce = true
oidcConfig.tenant = DIRECTORY(TENANT)ID
azureAdClient = org.pac4j.oidc.client.FlexAzureAdClient
azureAdClient.configuration = $oidcConfig
clients.callbackUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback
clients.clients = $azureAdClient
isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer
excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher
excludedPathMatcher.excludedPath = /next/#/login
config.authorizers = admin:$isAuthenticatedAdmin
config.matchers = excludedPath:$excludedPathMatcher
ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter
ssoFilter.config = $config
ssoFilter.clients = FlexAzureAdClient
ssoFilter.matchers = nocache
ssoFilter.authorizers = admin
logout = io.buji.pac4j.filter.LogoutFilter
logout.config = $config
logout.localLogout = true
logout.centralLogout = true
logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/homeRegister application in Azure Active Directory.
Capture Application (client) ID and Directory (tenant) ID from App Registration.
Create and capture client secret.
Here is how URL values are configured on Azure App Registration.
The following macros are not currently supported in the footer:
- style