Hi I have to develop a framework to enable single sign on for an application that my organisation develops.I want the framework to be in GOLANG.I want to authenticate the users with azure active directory details.How can I achieve this?
Azure AD can provide auth via WS-Fed, SAML-P, OAuth2 and OpenID Connect. As long as you develop using one of those then your application can be registered in Azure AD as an application and can leverage the standard protocols listed above.
Related
I'm investigating Azure AD B2C as a possible auth service, which we want to use for user management and authentication. We have a web application, Web API which we can easily integrate with AAD B2C and migrate our current authentication and user management.
However, I did not find any solution how to authenticate mobile applications and integrate it with azuere ad b2c. Our mobile app communicates also with web api but it does not need any user login. These applications are tied to a tenant and every mobile app instance has an API key that is used to authenticate the mobile app on the backend.
Is it possible with azure ad b2c to achieve that kind of authentication, that we will generate API keys for our mobile apps and will use the same ad in azure like the normal users? Is possible with azure ad b2c or we should use another azure service?
What are the best practices in this area? It is similar to the backend to backend communication where API keys are used. Thx.
The normal way for such a scenario would be to use the client credentials flow, where you use your ClientID + ClientSecret for a silent login in order to get a non-personalized AccessToken.
Although it seems that this type of flow is currently not supported by AD B2C. Have a look here: https://learn.microsoft.com/en-us/azure/active-directory-b2c/application-types#current-limitations
As an alternative, that page is refering to the client credentials flow of the Microsoft Identity Platform (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow).
I guess it now depends on the detailed requirements of your application whether it could be an option for you to use.
I’m kind of new to azure active directory. What I'm trying to achieve is:
I have a .net core application (backend api) which will be called using an angular application.
My requirement is to authenticate and enable single sign on using azure active directory.
With some time spent, I came to know that there are 2 ways to do this,
Using OpenID Connect
Using SAML
I would like to do using SAML. I tried implementing SAML SSO as follows:
I registered one application under Active directory which redirects
to my angular application. I also read that, any application we are
registering in App registrations will use OpenID by default and
there is no UI available to make it as SAML but we can do the same
using manifest.
We can register application using Enterprise applications to enable
SAML
My question is,
Is there a way we can authenticate and enable SSO in my application
registered using App registrations?
What options I should choose to enable SAML SSO while registering
enterprise application? If I select my registered application in
enterprise application it gives me the following:
The single sign-on configuration is not available for this application in the Enterprise applications experience. localhost was created using the App registrations experience.
Please go to localhost in the App registrations experience to edit properties such as reply URLs, identifiers, claims, among others. Your account should have the required permissions (Global Administrator, Cloud Application Administrator, Application Administrator, or owner of the app object).
What will be the code changes in my angular and .net core
application?
Any reference would be very helpful.
TIA
You can't do it from App Registrations but you can do it from the Enterprise Application experience. To set up SAML SSO you need to go to the application > Manage > Single Sign-On > Select SAML. The Quickstart goes through all of the steps for setting up SAML SSO from Enterprise Applications.
For Basic SAML configuration values, see Configure SAML Single Sign-On.
You can use the SAML toolkit and accompanying samples to test the SAML single sign-on integration with Azure AD
I agree with Marilee's, her answer has provided some related documents on how to create an enterprise app and how to enable SSO with the app.
What I wanna add is that I think you need to figure out which app you are willing to connect together with SSO, I mean that you just said 'an angular application', so there's only one app, how does it relate to SSO ? And if you just need to sign in both frontend app and backend app, this document may help.
Wish you could solve it soon, and if you met more questions, pls add details.
We are looking for Authentication methods for a Multi-Tenant SaaS application. We have been exploring Azure B2C but have not been able to provide suitable user to organization (Tenant) management.
We are exploring options like;
Microsoft's Azure AD B2C or an alternate service
B2C's Multi Tenant support to provide user/data segregation by Tenant (or Organization)
Environment;
We are using .Net Core 2 for the application and api's
We will have native phone applications that use the api's
Must use a common login service for all applications (Phones and Web)
What we need to do;
Authenticate Users
The first user for an Organization(Tenant) would;
create the organization
sent invitations to their organization's users
Subsequent users would take the invitation link
create an account joined to the organization using
Email/Username and Password
or connect a Social account to the invitation
or other services supplied by Azure AD B2C like another Azure AD
From the login service return a JWT Token
Needs to include the Organization to secure organization data
the JWT needs to be passed to child API's
Child API's will need to validate the token without external calls
Any ideas, sample applications or alternate products ideas are appreciated.
We did find http://identityserver.io/
A quick summary from their website;
The Open Source OpenID Connect and OAuth 2.0 framework for .NET.
IdentityServer is OpenID Certified and part of the .NET Foundation.
We are currently exploring this, and wanted to add this as a possible solution to the question.
We need to build a desktop (using angular4) and a mobile application (using react-native) that supports single sign on for our clients who are using ADFS in their organisations. We are looking forward to implement outh2 authentication on desktop and mobile app.
Can someone please guide how can we implement it. Should the app(s) be registered at azure-portal or apps.dev.microsoft.com? Do we need a backend API, what would this backend api do?
Thanks.
You need to register your app on azure.portal if you want to support sign in with Active Directory organizational or work accounts, which I believe is your case.
The apps.dev.microsoft.com portal is for registering apps that want to support sign in with both AD work accounts and Microsoft personal accounts.
You can read this article to get an idea of the different application types and platforms that are supported.
We have a Web API intended to serve multiple business partners, each of which will be customizing a white label version of our native app client.
We also have a Web API offering common functions to different apps.
We would like to use AD B2C as the identity and auth system, but cannot see how or if it is possible to use AD B2C to secure a common API for multiple apps. Is this achievable?
It depends on how you want to your partners usig the account login-in. If you expected that the partners login-in using the consumer account or local account in the Azure AD B2C you own, the answer is yes.
The Azure AD B2C supports the Access Tokens from March 23, 2017(refer here). And it supports many types of clients, including web apps, desktop and mobile apps, single page apps, server-side daemons, and other web APIs.
It is same to develop an web API server for one native app or multiples apps, you only need to register the multiple apps in your B2C tenant. More detail about acquring the access token for the Azure AD B2C, you can refer the link below:
Azure Active Directory B2C: OAuth 2.0 authorization code flow