For the purposes of fully automating an OpenAM deployment, can we Register a Remote Service Provider using SSOADM Command Line Interface or any other tool?
I don't see this option in the list of arguments for ssoadm. Is there a way to do this with ssoadm or perhaps another method?
It's under the Federation Management section in the documentation. The command you are looking for is "import-entity".
Related
I am trying to set up AAD Connect to synchronise our in-house LDAP user directory with the Azure AAD. Documentation says to use AAD Connect, and that while Microsoft would (of course) prefer you have Active Directory locally to link to, it should also work with an SQL or LDAP backend, though the only instructions I can find are a year out of date. In any case, we are a linux house and do not have AD internally.
Possibly I need an older version of AAD Connect (1.1.649?) but am unable to find this anywhere.
Does anyone have any instructions on how we can configure AAD Connect to work with anything but a local Active Directory?
I have seen this blog posting, but it does not match the current AD Connect software. https://blog.kloud.com.au/2017/11/03/generic-ldap-connector-for-azure-ad-connect/
There is a trick to doing this.
Install local Active Directory
Install AADConnect linking to local AD and Azure AD
When install has completed, run the ADConnect Synchronisation Service (UIShell) configuration app
This then allows you to define an LDAP connector, and remove the unnecessary local AD one
Now you need to define rules using the Synchronisation Rules Editor to trigger updates, creates or deletes
Now you need to set up profiles in the Synchronisation Service for Full Import and for Sync on each source.
This is not trivial but there is more information here: https://learn.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-genericldap
Don't run the install wizard as it only allows you to configure replication to a local AD, which is pointless as you can set up federation in this case.
An alternative, now available, is to install the AAD Domain Services object in Azure. This is, in effect, AD+ADConnect in a managed box, and will give you an LDAP endpoint to AD. You can then use LDAP replication of some sort to synchronise this with your local LDAP, or else use it directly for authnz.
Drawbacks are that is is, of course AD LDAP and has a strange structure; and the LDAP password synch only happens when the passwords are updated in AAD. And you cant extend the schema locally. However it may be enough if authentication and groups are all that is required.
I want to create an automation demo for customers, where I have a single page web app with a couple of input text fields, and the inputs get used as parameters in the creation of an Azure Resource Group and VNETs/VMs/etc within the Resource Group.
I can do all of the above with Azure CLI (v2.0) on my laptop, and also from CLI using a Azure CLI in a bash script on a Linux server, but I wanted something web-based. I considered standing up a web page on the Linux server to call the bash script, but that seems a bit painful (especially with permissions etc). I also thought maybe Azure Functions could provide a solution to host the single web page app and call the Azure CLI commands, but I've never used Functions before so not sure if Functions can do this; the description of Functions' capabilities aren't clear to me.
What is the best way to achieve what I'm after, quickly?
Note I'm not a developer, I'm a network engineer, so whilst I can hack around in a few languages from Notepad and vi, I'm not looking to build something in a full SDK, or have something with enterprise-level reliability, version control, etc. This is really all about proof of concept and web-based demo of something I already have in Azure CLI / bash script.
Thanks in advance :-)
For a quick and relatively dirty way, you could create an Azure Runbook (using the scripts created from the Azure Portal) and invoke using the Automation API This could use the scripts (or close to) what you already have.
When you roll out a new service in Azure you get the option now to download the Automation Script, you can then follow this article to deploy the generated script via a runbook
To follow on from Jamie's idea.
You can code your Azure Cli script (or Powershell) into an Azure Automation Runbook, you can have variables etc to access it with.
You can then attach a webhook to that runbook, and call it from a standard HTTP Post request.
Meaning you could create a HTML form, that would pass whatever variables are required and build whatever is needed.
The downside of this would be that you will be creating it on your infrastructure.
You can have a solution that will deploy to someone else's infrastructure with a deploy to Azure button
This lets you host it in Github etc, it takes a bit more knowledge to make it work but saves your account dollars!
I have setup a azure cloud classic. Where I have two instances running one is web role and orleans silos. I want to enable trace and I need a means to login into the box and see the logs. Azure portal is not providing the logs I needed. I am following the following link https://learn.microsoft.com/en-us/azure/cloud-services/cloud-services-role-enable-remote-desktop but, in the first step, is to click on the cloud service and click configure but I do not see configure option anywhere. I see only 'Pin, swap and delete'. But I did see an option when click on the cloud class, called configuration. In that configuration, there is nothing for remote desk top.
I do have an option for remote desk top, but when I click that I get an message "This deployment is using RemoteAccess and/or RemoteForwarder modules. We recommend using the RDP extension instead. You can enable this mode by removing the modules from your .csdef and .cscfg and then saving your RDP configuration here."
so my basic question, how what is proper way to remote to that box provided I am getting above mentioned message?
According to your description, you are using Azure new portal to configure Remote Desktop. For a simple way, you could log into Azure classic portal to leverage Remote Desktop Extension approach for you to enable Remote Desktop even after your application is deployed.
Note: For more details, you could follow the section about configuring Remote Desktop from the Azure classic portal in this doc.
so my basic question, how what is proper way to remote to that box provided I am getting above mentioned message?
You could follow this tutorial about configuring Remote Desktop in the service definition file.
In this article, it is shown how to use SendGrid in Windows Azure Mobile Services:
http://www.windowsazure.com/en-us/develop/mobile/tutorials/send-email-with-sendgrid/
The interesting part is, how a developer can call new SendGrid('**username**', '**password**'); from within a server side script to start using the SendGrid API.
For me it looks like a custom script has been registered on the server when I choose the SendGrid add-on.
How could I register a script of my own? I tried googling around but searches such as register custom script only returned tutorials on how to write server side scripts, not how to register a custom library to be used on those scripts.
In short:
What are the basic steps to accomplish this
Is there instructions for this somewhere
Can you suggest an alternative method to accomplish the same functionality (ie. requireJS and hosting your custom script in a CDN maybe?)
The basic approach to using custom scripts with Mobile Services is this:
Enable source control for your Windows Azure Mobile service.
Install Git on your local machine.
Use Git to deploy custom scripts (or node modules) from your local machine to your Windows Azure Mobile service.
There is more detail here: http://www.windowsazure.com/en-us/develop/mobile/tutorials/store-scripts-in-source-control/
Simple question - is there anything that we can use to programmatically configure ACS using PowerShell (or some other command line tool)? It looks like the old CodePlex build of the PowerShell cmdlets supported this but the later official builds don't seem to have anything available.
There are different ways you can interact with ACS:
Directly with the management service: http://msdn.microsoft.com/en-us/library/windowsazure/hh135143.aspx
By using the FluentACS library: https://github.com/jrowies/FluentACS/blob/master/README.markdown
By using the old PowerShell cmdlets: http://blogs.msdn.com/b/alikl/archive/2011/05/18/manage-windows-azure-appfabric-access-control-service-acs-with-powershell.aspx