.Net MAUI Azure AD authentication returns null token - .net-6.0

I have implemented Azure AD authentication as shown in this article, here, but it isn't working. Whenever I use the AcquireTokenInteractive call it returns null. I followed the steps in the article exactly.
Can anyone please advise what is missing or what I have done wrong?

I found the solution to my problem. I removed the WithAuthority call, as I am logging into our company Azure AD only and no other tenants, and I had to ensure that I pass the scope correctly.

Related

Azure SSO and Laravel login have issue with SAML

I have followed the solution explained in the Azure SSO related question in the forum.
After that I checked in the Azure Portal, trying to test from the portal itself, but it keeps redirecting me to the login page (only when doing it the first time, so it's new to me). Am I missing something, or do I need to write a login handler for my application to handle this? For now I have not created any handler for login because, as per the description in the link, it is supposed to work.
I tried having dd in the service provider that has been created, but it is not reflecting. I am confused and stuck here; I am not getting where I need to write the logic to handle users with type in this, as for login it is now redirecting me to the login route when I test it from the Azure portal.
Any guidance on this would be helpful!
• I would suggest you follow the GitHub documentation below for configuring Laravel SAML SSO in Azure AD, as it uses a Laravel package for SAML2 integration as a service provider itself. Also, regarding the service provider you added in your case: it doesn't need to be added if you are using Laravel v5.5 or higher, as it gets registered automatically. It's only for older versions that you need to add the service provider in 'config/app.php'.
https://github.com/aacotroneo/laravel-saml2
• Once you have done the above and published the config files accordingly by executing the php commands, you will need to modify the IdP settings in the PHP app's configuration. Here, please ensure that you are entering the ACS (Reply) URL and Identifier (Entity ID) from the Azure AD application you created correctly. Also, ensure that the required SAML URLs and certificate keys are correctly entered in the environment variables required by aad_idp_settings.php.
Also, please check the actual routes in the metadata by navigating to 'http(s)://{laravel_url}/{idpName}/metadata', as they must be reachable for your application to pass the authentication claims to AAD and get the authentication token. Since you are configuring SSO, please check the IdP metadata at 'http(s)://{laravel_url}/single_sign_on/mytestidp1/metadata', and finally please ensure that 'RedirectIfAuthenticated.php' is configured to redirect to '/routesPrefix/myIdp1/login', and the same in '/Exceptions/Handler.php'.
By following the above steps, your issue should be resolved.

Bot Framework - Oauth BadRequest - https://token.botframework.com/.auth/web/redirect

I am trying to get a Bot working with the Oauth example provided here: https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=aadv2%2Cjavascript
If I use Azure as an example issuer, all works OK. So the general code works out fine.
Now, I have an example Laravel Passport app running to issue tokens myself for testing purposes. All configuration, normal login etc. works fine. I created a generic OAuth 2 client in Azure with my password client ID and secret.
If I test it in the Azure Portal it goes to the request-permission dialog. I confirm, and it redirects to e.g. https://token.botframework.com/.auth/web/redirect?code=XYZ&state=123 and just shows Bad Request. No more, no less.
I tried different configurations etc., googled and found some people with similar problems but no solution. Most just referred to secrets etc. But the secret works; a broken secret before led to other issues I am not facing now.
And the error message is not really helpful ^^ No matter how I call https://token.botframework.com/.auth/web/redirect, it is always a Bad Request.
Does anybody have an idea, or a hint in what direction to look further, where issues could occur? I am a little lost right now.

WebAPI 2 Authorize Roles with MSAL

I'm in the throes of moving our security architecture from ASP.NET Core Identity to Azure AD V2 with MSAL.js. We used a lot of Roles with the ASP.NET Core Identity implementation, and the information was managed in the database using the web application. The pattern I'm abandoning is similar to this one.
https://www.dotnetcurry.com/aspnet-core/role-based-security
Azure AD with MSAL is working. The tokens are being created and passed, and the local Web API endpoints decorated with the generic [Authorize] attribute are being honored as you would expect. Web API endpoints decorated with [Authorize(Roles= "Fee, Foo, Fi, Fum")] are throwing a 401 Unauthorized error.
I'm not sure where to go from here. Do I write a CustomAuthorize attribute override for Web API and go back to the database to grab the roles (probably matching the DB-defined roles to the user based on email address)?
OR
Is there a way to implement roles natively with Azure AD V2?
I'm not sure what's the best course of action from here. Documentation and code samples seem limited. It would sure be nice to just throw an AD user in a group and have the group be respected as a role in the Web API. On the other hand, it's nice to have role delegation handled within the confines of the web application.
Any advice, experience or interest would be greatly appreciated.
Answer
Follow-up to my question. #Marc, you're correct: after looking at the token, the Roles are not present. Adding Roles to the token seems pretty straightforward. You need to patch the Graph schema to include them, configure the roles and assign them to users as needed through AAD.
Or that's how it looks at first glance. After digging deeper, it requires a P1 or P2 Enterprise license, which only costs an additional $6 per month per user. This will literally double the cost of hosting email in the cloud for us.
Alternatively, I wrote a CustomAuthAttribute for Web API and tied Users & Roles together on the server backend. Roles can still be managed via the web application, and users can still log in using Active Directory credentials.
I recall that the id token returned in implicit flow (the one you use with JS) does not include app roles (or groups). I cannot find any docs confirming that but see others who got around the issue (so the issue must be there) by using Graph to get the roles (or groups).
You can capture the token you receive from AAD and view it using https://jwt.ms to see whether roles are included in it.
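The two checks the answers above describe, as an added example that is not code from this thread or from ASP.NET Web API: first, the jwt.ms-style inspection (does the token carry a `roles` claim at all?), and second, the fallback the asker settled on, where the API looks the user's roles up in its own database by email/UPN when the token has none. It is written in Python as a language-neutral illustration of the logic, not as the C# attribute. The sample tokens, the `ROLE_DB` mapping and the HS256 signing key are constructed here so it runs offline; real Azure AD tokens are RS256 and are validated by the Web API's authentication middleware, which this example stands in for with `verify_and_decode`.

```python
"""Added example (not from the thread): inspect a bearer token for an
AAD-style `roles` claim and fall back to application-database roles
keyed by email/UPN when the claim is absent.

Everything below the helpers is CONSTRUCTED test data: the signing key,
the tokens and the role database. Real Azure AD tokens are RS256 and are
verified by the API's auth middleware; the HS256 check here only plays
that role so the example is self-contained.
"""
import base64
import hashlib
import hmac
import json

CONSTRUCTED_KEY = b"example-signing-key-not-a-real-secret"  # assumption, test-only


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes = CONSTRUCTED_KEY) -> str:
    """Build a compact HS256 JWT for the constructed sample (test data only)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_and_decode(token: str, key: bytes = CONSTRUCTED_KEY) -> dict:
    """Check the signature (constant-time compare) and return the claims.

    Raises ValueError on malformed tokens, unexpected algorithms or bad
    signatures so that no caller ever acts on unverified claims.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three segments")
    header, payload, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never honour alg=none or a caller-chosen alg
    expected = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload))


def roles_in_token(claims: dict) -> list[str]:
    """What jwt.ms would show: the `roles` claim, or [] when AAD did not emit one."""
    roles = claims.get("roles", [])
    return list(roles) if isinstance(roles, list) else [roles]


def effective_roles(claims: dict, role_db: dict[str, list[str]]) -> list[str]:
    """Prefer roles carried in the token; otherwise look them up by email/UPN."""
    token_roles = roles_in_token(claims)
    if token_roles:
        return token_roles
    user = claims.get("preferred_username") or claims.get("email") or ""
    return role_db.get(user.lower(), [])


def is_authorized(token: str, required_any: set[str], role_db: dict[str, list[str]]) -> bool:
    """Semantics of [Authorize(Roles="Fee, Foo")]: any one listed role suffices."""
    try:
        claims = verify_and_decode(token)
    except ValueError:
        return False
    return bool(required_any & set(effective_roles(claims, role_db)))


# Constructed data: a v2 token with no app roles, and one where AAD emitted them.
ROLE_DB = {"alice@contoso.example": ["Foo", "Fum"], "bob@contoso.example": ["Guest"]}
TOKEN_WITHOUT_ROLES = make_token({"preferred_username": "Alice@contoso.example", "aud": "api://example"})
TOKEN_WITH_ROLES = make_token({"preferred_username": "bob@contoso.example", "roles": ["Fee"]})

if __name__ == "__main__":
    print(roles_in_token(verify_and_decode(TOKEN_WITHOUT_ROLES)))
    print(is_authorized(TOKEN_WITHOUT_ROLES, {"Fee", "Foo"}, ROLE_DB))
    print(is_authorized(TOKEN_WITH_ROLES, {"Fee"}, ROLE_DB))
```

Two design points worth keeping when porting this back to a Web API attribute: the role lookup only runs after the token has been verified (a failed signature returns "not authorized" rather than falling through to the database), and roles present in the token take precedence over the database so that a later move to AAD app roles needs no change in the authorization check.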

How do I get azure ad auth up and running?

After searching for days I still don't know how to get my Laravel web app to work with Azure AD auth.
I want the people to SSO via azure ad. How is this done and where can I start ?
Any help is very appreciated.
You could refer to this link to configure your web app to use Azure AD login.
Note: in step 4, I recommend that you create a new AD app (app registration) rather than selecting an existing app. When using the first option, Azure will configure some settings for you automatically, which saves unnecessary trouble.

How to generate Oauth2.0 token for Stormpath

Can someone help me generate an access token for Stormpath?
I'm following the steps mentioned in Stormpath's API doc, but I'm stuck with error code 404 (The requested resource does not exist).
I'm using the endpoint (http://api.stormpath.com/v1/oauth/token?grant_type=client_credentials) to get the tokens and passing all HEADER values as mentioned in the API document. Has anyone used it before?
I work at Stormpath and can help you with this.
The answer is that you need to use one of our SDKs on your server. At this time we don't support token creation directly from our API. Instead you will need to expose this functionality on your server by using one of our SDKs. The SDK will work with your Stormpath Application to create the tokens and serve them from your server.
This section of the documentation has examples:
http://docs.stormpath.com/guides/api-key-management/#using-the-stormpath-sdk-to-authenticate-and-generate-tokens-for-your-api-keys
Hope this helps!
