I have an app that authenticates using OIDC to Azure AD. I configured the other app to share Azure AD accounts (SSO) so users can access that app with AD accounts using that App interface (The app is Citrix Sharefile). Sharefile has API and different SDKs (In my case .NET). I cannot figure out how to and if possible to exchange OIDC token to ShareFile token which is SAML
Related
I have react native app which uses Azure AD B2C (as it is available outside our organization) and a backend admin SPA with Azure AD as it is only for our employees.
I have a node backend with provides api for both the app, now how to validate the tokens generated by AD B2C app and AD app.
One solution is to use Azure AD as external identity provider in Azure AD B2C and use Azure AD B2C app for the both RN external facing app and backend admin SPA, this will work, the issue being here is we will have employee information on both AD & AD B2C.
What is the right way of doing these kind of integration. Any help is greatly appreciated. Thanks
Handle it in the back-end side / API side. So essentially, in the API side, you have two or more ways of authenticating a user.
In the case of AD and AD B2C, it'll be like setting up two JWT auth providers.
My app is a react js frontend and .net core back end app. It need to be have Azure AD authentication for the internal users of the organization. But now there is a requirement for allowing outside users to authenticate with the application.
Can I extend my app to do Azure ad authenticate with a 3rd party user with a gmail or facebook or linkedin login?
Or can I use Azure B-C authentication in the same app with Azure AD authentication?
Can someone help me and give me some guidelines on above.
THanks.
What you are looking for is AD B2C
Azure AD B2C supports external identity providers like Facebook,
Microsoft account, Google, Twitter, and any identity provider that
supports OAuth 1.0, OAuth 2.0, OpenID Connect, and SAML protocols.
I have two APIs.
Admin API (.NET Core API)
Healthcare API (Azure function API)
I need to call an endpoint in Healthcare API, and it should be called from admin API. I know the best way is to use gRPC but no time for that now.
Healthcare API is authorized with an azure b2c application. And the admin API is authorized with another azure b2c application. So from Admin API, I can't call the Healthcare API because of this authorization. (Can't use allow anonymous because it's an azure function API)
One solution that came to my mind is to get a jwt token in Admin API, from the b2c application that used to authorize healthcare API. But o idea of how to do this.
Is the above solution is good? And is it doable? Are there any ways of doing this without moving into gRPC?
Thanks in advance.
If these 2 B2C apps belong to the same B2C tenant, and you just want to make admin API to call Healthcare API, maybe you can just use OAuth 2.0 client credentials grant flow.
Although the OAuth 2.0 client credentials grant flow is not currently directly supported by the Azure AD B2C authentication service, you can set up client credential flow using Azure AD and the Microsoft identity platform /token endpoint for an application in your Azure AD B2C tenant. An Azure AD B2C tenant shares some functionality with Azure AD enterprise tenants.
just as below:
If there are 2 companies with different domains, one is companyA and the other is companyB, they both have an Azure AD, Azure AD B2C and backend mobile application (backendA and backendB).
There are existing front-end mobile App mobileA which can access backendA after Azure AD B2C authentication of companyA and mobileB access backendB after Azure AD B2C authentication of companyB.
For my case, I want mobileA call the api of backendB after authentication of Azure AD B2C of companyA. But after getting the token from companyA, how backendB check the token is valid?
Thanks!
lihoma
You can register backendB in companyA's tenant as an app.
The mobileA app can acquire a token for backendB from its own tenant.
Then backendB will need to add support for companyA's tokens in addition to supporting companyB's tokens.
I have a UWP app that needs a backend. I want to use azure app service and need set an authentication for the background.
The App Service Authentication module can easily set and Authentication for the app.
I wish to use AAD B2C, but the App Service authentication module say that it does not support aad 2.0/msal. So, does the App Service Authentication module can support AAD B2C?
And, how can I verify the AAD B2C token signature on the webservice? Microsoft doc said can use some library to verify the AAD B2C token signature, can msal be used to Verify the AAD B2C token signature on a asp.net core web service?
does the App Service Authentication module can support AAD B2C?
Yes, App Service easy auth supports AAD B2C, you can configure it under Advanced management mode.
Set the Client ID to be the Application Client ID from Azure AD B2C tenant.
Set the Issue URL to be the Metadata Endpoint for the policy.
https://tonyb2ctest.b2clogin.com/tonyb2ctest.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_testsignupin
Note: don't forget to set the reply url in azure ad tenant application https://XXX.azurewebsites.net/.auth/login/aad/callback
how can I verify the AAD B2C token signature on the webservice?
Many open-source libraries are available for validating JWTs, it doesn't matter with Azure App service.