Following scenario:
I have a web app running in the MS Azure cloud
The app provides a user logon with username and password
The new requirement is to provide the AD FS SSO for the web app, so that once a user has logged on the Windows machine, her AD credentials can be used to log on the web app.
Can anyone help with some background information and step-by-step instruction. Thank you.
Yes - you can do this by federating ADFS and Azure AD.
That provides SSO and lets the users authenticate on the intranet.
Do you have to use ADFS? If not, pass-through is a good alternative.
To connect the web app to ADFS, you could try to use the scripted setup for automated integration or use the manual setup to step-by-step.
For the details, you could refer to the docs.
Hope this can help you.
Related
I have created a web application using Django and embedded the azure chatbot after publishing it. Once the user logs into the Web App, i would like to transmit login info to the chatbot embedded on the app in order to give customized interactions e.g. "Hello Richard, How may i help you?" etc.. I believe Azure AD SSO is a good option. But couldn't find good resources on how to implement it for my use case.
Is AAD SSO the best option?,
If yes, can anyone please guide me to resources that i can refer to implement it.
If no, please provide some info on what's the most optimal approach for this use case.
Here's the samples for Bot Authentication and Bot Authentication with Azure and MSGraph, as well as the documentation on user auth in bots.
If your users can be authenticated using Azure AD SSO, then yes, it's a good solution.
My company has developed a web-based application for internal and external use. The application is developed by angular + asp.net WebApi and authorised by OAuth. Users have to use the username and password given by us to login. The application works well. Recently, clients made a new request to login our system through Azure AD SSO. They want us to integrate their Azure AD.
Requirements:
On login page, there should be a new option for users to login our system by connecting to their Azure AD.
Alternatively, if their employees are connected to their system and then visit to our website, they will be automatically logged in our website without entering username and password.
I have no knownledge about Azure AD SSO and still get confused even I did some search on google. Can someone give me some advice or hints?
Using Msal with Angular you can implement the Azure AD SSO login. There are multiple code samples and microsoft documents available to achieve your requirement.
Please go through the documentation and code Sample.
In the Angular sample there is a function as mentioned below which verifies the user credentials if the user is already logged in or not.
checkoutAccount() {
this.loggedIn = !!this.authService.getAccount();
}
My application is an Angular 2+ SPA, which uses Azure Active Directory and the back end API is implemented in Node JS. Currently, when an user tries to login, an Azure pop-up appears, User enter login/password which will get authenticated in AD, AD returns a bearer token which I use to authenticate Node JS API.
My requirement is, to use Integrated Windows Authentication (IWA). The Front End should use Windows authentication to get the bearer token from AD instead of asking user to enter login/password. How Can I do that? Whatever articles I see about this, all talk about IIS and .Net based application. Should I always use .NET based API to use Windows Authentication? Any hints would be greatly appreciated.
Just a note, the API is an enterprise application hosted in the cloud. All the users are internal company employees and are registered with AD.
Given you already have Azure AD sync setup, the following may be useful. AAD Connect allows you to seamlessly login with SSO:
https://learn.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso
Azure services doesn't support Windows Authentication, unless you setup a VM with IIS. I assume by your requirements "...Get the bearer token instead of asking user to enter login/password" mean single signon. That is, when a user is logged into the domain on their PC, they don't have to login again to your application.
There are a few ways to approach this depending on your AD configuration, but usually you have to configure ADFS for your organisation AD to allow your cloud app to authenticate you. If you are already logged in, it will simply redirect you and your app will receive the bearer token.
https://azure.microsoft.com/en-au/resources/videos/configuring-ad-fs-for-user-sign-in-with-azure-ad-connect/
Another option is to connect your organisation AD with Azure AD, using Azure AD sync. The following link helps with this. You would then configure your app to authenticate against Azure AD (as it currently does).
https://learn.microsoft.com/en-us/azure/architecture/reference-architectures/identity/azure-ad
AD configuration is not a simple configuration,
I'd like to connect my xWiki installation to Azure AD for user authentication. Does anybody have an idea how to achieve this?
Thanks
You might want to look at the dedicated extension pages describing how to use LDAP in XWiki: http://extensions.xwiki.org/xwiki/bin/view/Extension/LDAP/ (both Authenticator and the Application to customize it)
Additionally, you might be interested in this paying app that is supposed to be specialized in Active Directory and should help you use it without too much work: https://store.xwiki.com/xwiki/bin/view/Extension/ActiveDirectoryApplication
Now, since Azure AD does not allow LDAP connection (according to your comment), you might want to look into using OpenID Connect. It seems to be supported by Azure AD (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-openid-connect-code) and XWiki also has a recently published extension to be able to authenticate with OpenID Connect (http://extensions.xwiki.org/xwiki/bin/view/Extension/OpenID+Connect/). There`s also an introductory blog article on the feature: https://www.xwiki.org/xwiki/bin/view/Blog/Your%20new%20Identity%20Provider%20XWiki
I am excited about the latest global (Google, Microsoft, Facebook, etc...) Authentication options in Azure Web Apps. I am posting a Web API app. However does anyone know how to program the login and get a token from a Windows 10 UWP app? I am first interested in using Microsoft Account Authentication.
Glad to see the excitement! Some documentation links below.
How to configure Microsoft Account authentication (using the management portal).
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-microsoft-authentication/
Here is some documentation showing how to set up a Windows Store application on Azure App Service. This example uses Facebook, but you should be able to make some very simple changes to enable Microsoft Account authentication.
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-windows-store-dotnet-get-started-users/
Does this help you get started?