Azure Active Directory (OpenId Connect)

Owned by Karl Henselin
Last updated: Jun 03, 2024 by Joel Wenzel
2 min read

 

Microsoft has at times indicated that the Azure Graph services will be retired. This implementation uses them. Consider using Azure AD SAML 2.0 SSO instead.

Replace capitalized text with appropriate values.

  • APPLICATION(CLIENT)ID

  • CLIENTSECRET

  • DIRECTORY(TENANT)ID

  • FLEXDEPLOYHOST

  • FLEXDEPLOYPORT

Example fdsso.config file for Azure Active Directory

Notes

AzureAdClient can be replaced with FlexAzureAdClient to opt in to using User avatars from Azure AD.

oidcConfig = org.pac4j.oidc.config.AzureAdOidcConfiguration oidcConfig.clientId = APPLICATION(CLIENT)ID oidcConfig.secret = CLIENTSECRET oidcConfig.discoveryURI = https://login.microsoftonline.com/DIRECTORY(TENANT)ID/.well-known/openid-configuration oidcConfig.useNonce = true oidcConfig.tenant = DIRECTORY(TENANT)ID azureAdClient = flexagon.fd.model2.sso.FlexAzureAdClient #or #azureAdClient = org.pac4j.oidc.client.AzureAdClient azureAdClient.configuration = $oidcConfig clients.callbackUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/callback clients.clients = $azureAdClient isAuthenticatedAdmin = org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer excludedPathMatcher = org.pac4j.core.matching.matcher.PathMatcher excludedPathMatcher.excludedPath = /next/#/login config.authorizers = admin:$isAuthenticatedAdmin config.matchers = excludedPath:$excludedPathMatcher ssoFilter = flexagon.fd.ui.security.FlexPac4jFilter ssoFilter.config = $config ssoFilter.clients = FlexAzureAdClient ssoFilter.matchers = nocache ssoFilter.authorizers = admin logout = io.buji.pac4j.filter.LogoutFilter logout.config = $config logout.localLogout = true logout.centralLogout = true logout.defaultUrl = https://FLEXDEPLOYHOST:FLEXDEPLOYPORT/flexdeploy/next/#/home

Register application in Azure Active Directory.

Capture Application (client) ID and Directory (tenant) ID from App Registration.

Create and capture client secret.

Here is how URL values are configured on Azure App Registration.

The following macros are not currently supported in the footer:
  • style