How to add Azure AD as AWS Cognito Federated IdP

G'day Everyone.
I have a Web application running with AWS S3, RDS, Lambda and API Gateway using an AWS Cognito user pool as login service. This is working well so far. But now I would like to integrate it with Azure ID.
Does someone have good documentation about it? I can only find documentation for the other way round or for integrating Azure AD into the AWS Console.
The reason could be that this feature just went from beta to production a few weeks ago.

The steps are quite long, but I've created a tutorial on setting this up.
There is a current bug within the Azure AD web console that prevents changing the App ID to a URN, but it can be worked around by modifying the parameter with Azure AD PowerShell.
See the following blog post here:
https://www.idea11.com.au/how-to-set-up-aws-cognito-federation-office365/

I ran into some trouble while logging in via personal live/hotmail accounts using SAML. It turns out there's no proper support for that yet; try OIDC.
Follow:
https://www.terminalbytes.com/azure-ad-integration-as-an-idp-with-aws-cognito/

Related

Client permissions on serverless Azure Web PubSub

I've successfully followed the Tutorial - Create a serverless chat using the Azure Web PubSub service.
Now I require giving the clients different permissions based on their ID. Also, add them to different groups.
The documentation on this matter is using a NodeJs server, but it says nothing about how to accomplish this using serverless Functions.
Is there a piece of documentation I am missing? Do you have any lead or example to share on how to manipulate permission on the negotiate function?
After a lot of digging around, I finally found this repository with examples on what I wanted to accomplish:
https://github.com/Azure/azure-webpubsub/blob/main/samples/functions/js/simplechat-wpscontext/connected/index.js

Client Credentials Flow for Azure DevOps

I have been looking at this issue for days and I know from experience that I usually work these things out but this time I have hit a brick wall.
Scenario
I have a python app that gets instantiated inside an Azure DevOps YAML pipeline.
The app calls the Azure DevOps REST API to create a repository
The app uses a PAT (personal access token) to authenticate
The first issue is that a personal access token is connected to me as a human user. If I leave the company, the PAT will be revoked, which is not good for an app that needs to run in a non-user context.
So now I want to set up my Python app to authenticate to the Azure DevOps REST API using client credentials flow.
My issue is, I can't find consistent information about this.
I have created an app in Azure DevOps:
My plan would be to get this all working in Postman and then port my findings to Python code.
So really, I am looking for help with the setup I do in Postman and I can work the rest out myself in Python.
Many posts talk about Azure DevOps and Azure AAD (Azure Active Directory) together but, seeing as I create my app registration in Azure DevOps, as shown in the picture, I don't see why I would do anything in AAD.
(Note, my Azure DevOps instance was created outside Azure. Azure knows nothing about my Azure DevOps instance)
Any pointers to the CORRECT information about how to do this would be good. And remember, I definitely need the client credentials type flow. There is no human interaction between my app and the Azure DevOps REST API.
Update
Here is what I have in Postman right now:
Note:
You can see the check boxes which I am using to toggle application/x-www-form-urlencoded key / value pairs on and off
the resource - 499b84ac-1321-427f-aa17-267ca6975798 is apparently the GUID for Azure DevOps and doesn't change
If I look inside the HTML from the 500 error I see this: Could not find partition for hostId: 499b84ac-1321-427f-aa17-267ca6975798 which is the DevOps resource GUID mentioned above.
And here is the 500 error I get from Azure DevOps:
It's all very confusing but I am sure I just need to tweak one or two things to get it working.
I want to use client_credential flow in Azure DevOps for the same reasons as you! Last time I spoke to support they told me it was planned for Q3 2020. Reviewing the roadmap I can't see it on there at the moment. I also couldn't see any feature requests currently raised on Dev Community so you could consider trying to raise the profile of this issue on there.

Can I use google cloud speech api in microsoft azure vm?

I am trying to use the Google Cloud Speech API on a Microsoft Azure machine (where I have installed the Asterisk service). Is it possible to do this? In GCP we have an option where we can enable 'Allow all cloud API services', but in Microsoft we do not have an option to enable. If I use it I get the following error. Please go through the stack trace and help me.
Note: we have a working version on a GCP machine. Now I am deploying it onto a Microsoft VM (only then do I get this error).
An API can be called over the internet. If the machine is configured to be able to connect to the internet, then yes, you can.
Looking at the error you're getting, it looks like there's something wrong with your authentication setup.
DefaultCredentialsError: Could not automatically determine credentials. Please set GOOGLE_APPLICATION_CREDENTIALS or explicitly create credentials and re-run the application.
For more information, please see https://cloud.google.com/docs/authentication/getting-started
If you follow the instructions in the linked documentation on Getting Started with Authentication, you should be good to go.
Seems like I answered the same less than a week ago.
Please check that you set up credentials for the asterisk user, not for root. Asterisk is running under the asterisk user.
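
An added example, not part of the original answers: a Python sketch that mirrors the Application Default Credentials lookup order (the `GOOGLE_APPLICATION_CREDENTIALS` variable, then the gcloud well-known file in the user's home directory, then the Google Cloud metadata server) and reports which source a given service user's process would reach. The function names and sample paths are assumptions made for this example, and it does not call the google-auth library itself.

```python
import json
import os
import tempfile

# Linux default location written by `gcloud auth application-default login`.
WELL_KNOWN = os.path.join(".config", "gcloud", "application_default_credentials.json")

def check_key_file(path):
    """Return None if path looks like a usable credentials file, else the reason."""
    if not os.path.isfile(path):
        return "file does not exist"
    if not os.access(path, os.R_OK):
        return "file is not readable by the current user"
    try:
        with open(path) as fh:
            data = json.load(fh)
    except ValueError:
        return "file is not valid JSON"
    if not isinstance(data, dict) or "type" not in data:
        return "JSON has no 'type' field"
    return None

def diagnose_adc(env, home):
    """Report (source, problem) for the environment and home of the service user.

    Pass the environment and home directory of the account the daemon runs as
    (for example the asterisk user), not those of the root shell.
    """
    path = env.get("GOOGLE_APPLICATION_CREDENTIALS")
    if path:
        return ("env", check_key_file(path))
    well_known = os.path.join(home, WELL_KNOWN)
    if os.path.isfile(well_known):
        return ("well_known", check_key_file(well_known))
    # Nothing local: the library falls back to the metadata server, which
    # exists only on Google Cloud hosts, so a VM elsewhere gets the error.
    return ("metadata_server", "no local credentials; only works on Google Cloud")

if __name__ == "__main__":
    # Constructed sample: a key file exported only in root's shell.
    with tempfile.TemporaryDirectory() as tmp:
        key = os.path.join(tmp, "key.json")
        with open(key, "w") as fh:
            json.dump({"type": "service_account"}, fh)
        root_env = {"GOOGLE_APPLICATION_CREDENTIALS": key}
        asterisk_env = {}  # the service user never got the variable
        print("root:    ", diagnose_adc(root_env, tmp))
        print("asterisk:", diagnose_adc(asterisk_env, os.path.join(tmp, "nohome")))
```

Run it as the service account (for example with `sudo -u asterisk`) so that the readability check reflects that user's file permissions.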

Are there any examples of Authenticating a User against Windows Azure Rest API without certificates

According to the releases a few days ago by Scottgu, it's now possible to use the Windows Azure management API without client certificates.
Are there any examples of doing this?
I have an Azure Cloud Service Package that I would like to let people deploy from my website. Therefore I would like, from JavaScript, to authenticate the user to their Azure subscription (some OAuth against the WAAD) and then deploy my package for them via the REST API.
I don't need concrete examples, just some pointers on how I could do this.
I don't want users to give me their passwords, of course, so I need some guidance on how I can do SSO of the user against WAAD/Windows Azure management API and from there use the access token to deploy the package.
As of today, the Service Management API documentation regarding this new authentication mechanism (http://msdn.microsoft.com/en-us/library/windowsazure/ee460782.aspx) is not updated. Since the new login mechanism is supported in PowerShell which is essentially a REST Wrapper over this API and is open source, one thing you could do is take a look at the source code of the Cmdlets on Github (https://github.com/WindowsAzure/azure-sdk-tools) to see how it is accomplished there and write something of your own (and share it here:)).

How do you create an Azure deployable WebRole that use LiveId and Access Control Service

I need some help with creating a simple WebRole that uses federated authorization/authentication with LiveId and the Access Control Service. I'm able to get it working with a local test ASP.NET application, but can't seem to find any information on the steps necessary to do this with a Web Role that can be deployed to Azure. The only information that I've found is to handle this scenario using a custom STS and the ACS or just LiveID, but nothing that demonstrates using both together.
Is there currently a limitation with Azure that prevents this? I've read some articles that seem to indicate it isn't currently possible due to the Geneva Framework not being fully implemented on Azure - can anyone confirm?
Thank you very much for any help!
You may find this resource useful - http://code.msdn.microsoft.com/wifwazpassive. It shows how to use ACS in an Azure Webrole. It does use a custom STS, not LiveID, but given that it's using Geneva framework components it should be possible to make it work with LiveID.
