User authentication with Microsoft Azure AD
HSNM Hardware and VM configurations. Sms, Email, Backup, Database

uniwanbde
Posts: 3
Joined: 04 Aug 2020, 12:51

User authentication with Microsoft Azure AD

by uniwanbde » 04 Aug 2020, 13:35

Hi,

I try to authenticate users through Microsoft Azure AD with the help of 'OAuth Custom Authentication'.

As it's the first time I configure an OAuth mechanism, I'm a little lost with all the parameters to provide to HSNM and to Azure AD.

In the documentation, I don't find a procedure to manage Azure AD as an external authentication.

Have you, could you, provide me a complete procedure to configure an external authentication bound to Microsoft Azure AD?

Thank you and best regards,
Bénoni

HSNMSupport
Posts: 1529
Joined: 26 Jul 2016, 09:16

Re: User authentication with Microsoft Azure AD

by HSNMSupport » 04 Aug 2020, 16:07

Hi Benoni
I am sorry but we don't know how to configure Microsoft Azure AD as external OAuth Authentication so we can't help you.
What we can suggest is to try to use "LDAP authentication" instead of "OAuth Custom Authentication".

Best regards

uniwanbde
Posts: 3
Joined: 04 Aug 2020, 12:51

Re: User authentication with Microsoft Azure AD

by uniwanbde » 05 Aug 2020, 12:29

Hi,

For the configuration of Microsoft Azure AD as OAuth provider, there is a lot of documentation explaining how to configure it.

Each time, in the docs, there is a URL to redirect the user after the authentication to process the answer received from the OAuth server.

What I need is just that URL or a template of it. I presume it will be in the form of https://the.name.of.my.hsnm/login/oauth or https://the.name.of.my.hsnm/auth_oauth/signin or ...

Once OAuth works, I will publish the solution in this topic.

Thank you and best regards,
Bénoni.

HSNMSupport
Posts: 1529
Joined: 26 Jul 2016, 09:16

Re: User authentication with Microsoft Azure AD

by HSNMSupport » 05 Aug 2020, 17:54

Hi Benoni
I've just asked our main developers and he told me that you can try to use the URL https://the.name.of.my.hsnm/social/cust ... 1login.php

Best regards

uniwanbde
Posts: 3
Joined: 04 Aug 2020, 12:51

Re: User authentication with Microsoft Azure AD

by uniwanbde » 18 Aug 2020, 17:17

Hi,

I finally got Microsoft Azure AD working.

The setup on Azure AD is not difficult at all:
  1. You need to register a new App in your Azure AD (App registrations).
  2. Name it as you wish, select the multitenancy as you need (single, multi and/or personal) and put 'https://the.name.of.my.hsnm/social/cust ... 1login.php' as Redirect URI.
  3. Register the App.
  4. Take note of the 'Application (client) ID'; it will be necessary in the HSNM settings.
  5. Take note also of the endpoints, also needed in the HSNM settings. They will look like:
    - OAuth 2.0 authorization endpoint (v2) = https://login.microsoftonline.com/<tene ... /authorize
    - OAuth 2.0 token endpoint (v2) = https://login.microsoftonline.com/<tene ... v2.0/token
  6. Create a client secret (Certificates & secrets) and take note of the secret (shown only once).
And that's it for Azure AD.

On the HSNM side, in External Authentications / OAuth Custom Authentication, put the values as follows:
  • Client ID - the 'Application (client) ID' from the Azure AD App
  • Client Secret - the value shown once when creating the client secret in Azure AD
  • OAuth Version - 2.0 (mandatory)
  • URL to Require the URL of the Access Token - the value of 'OAuth 2.0 token endpoint (v2)' from Azure AD.
    Which gives as URL: https://login.microsoftonline.com/<tene ... v2.0/token
  • Access Token Type - Bearer
  • URL of the Redirect Server - the value of 'OAuth 2.0 authorization endpoint (v2)' from Azure AD with those additional parameters:
    response_type=code&state={STATE}&client_id={CLIENT_ID}&scope={SCOPE}&redirect_uri={REDIRECT_URI}
    Which gives as URL: https://login.microsoftonline.com/<tene ... DIRECT_URI}
  • HTTP Method to Request Access Token - POST
  • HTTP Method that Returns the Access Token - GET
  • OAuth Parameters Passed through HTTP Authorization - No
  • Required Permissions to the OAuth Server - profile openid email https://graph.microsoft.com/User.ReadBasic.All

The only thing that doesn't work is the user info retrieval.
I tried these parameters, but the username remains random when the user is authenticated and connected.
  • URL of the API that Returns the User's Data - https://graph.microsoft.com/v1.0/me
  • Parameters passed in the URL - No
  • Name of the Variable that Contains the Username - userPrincipalName
  • Name of the Variable that Contains the Given Name - givenName
  • Name of the Variable that Contains the Surname - surname
  • Name of the Variable that Contains the Email Address - mail

The data returned by Microsoft Graph is JSON content in the body of the response, and I don't know if your code sends the acquired token in the request and correctly parses the response to fill the variables.

Best regards,
Bénoni.
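
What a client has to do for the user-info step described in the post above, as an added example that is not part of the original post and is not HSNM's code: send the access token in the Authorization header and map the JSON body to the four variables listed. The function names and both sample bodies are constructed for illustration.

```python
import json
from urllib.request import Request

GRAPH_ME = "https://graph.microsoft.com/v1.0/me"


def userinfo_request(access_token):
    """Build the /me request: the token goes in the header, not in the URL."""
    return Request(GRAPH_ME, headers={
        "Authorization": f"Bearer {access_token}",
        "Accept": "application/json",
    })


def map_user(body):
    """Map a Graph /me JSON body to the four fields named in the post."""
    data = json.loads(body)
    if "error" in data:  # Graph error envelope: {"error": {"code", "message"}}
        err = data["error"]
        raise ValueError(f"{err.get('code')}: {err.get('message')}")
    username = data.get("userPrincipalName")
    if not username:
        # Fail closed instead of letting the caller invent a username.
        raise ValueError("response has no userPrincipalName")
    return {
        "username": username,
        "given_name": data.get("givenName") or "",
        "surname": data.get("surname") or "",
        "email": data.get("mail"),  # may be null in the response
    }


# Constructed sample bodies, not captured from a real tenant.
SAMPLE_OK = json.dumps({
    "userPrincipalName": "jane.doe@contoso.example",
    "givenName": "Jane",
    "surname": "Doe",
    "mail": None,
})
SAMPLE_ERR = json.dumps({
    "error": {"code": "InvalidAuthenticationToken", "message": "constructed"},
})
```
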

miami1983
Posts: 81
Joined: 17 Apr 2019, 09:08

Re: User authentication with Microsoft Azure AD

by miami1983 » 29 May 2023, 08:14

I have the same problem and get this error message:

Sign in
Sorry, but we’re having trouble with signing you in.

AADSTS900023: Specified tenant identifier ' is neither a valid DNS name, nor a valid external domain.

miami1983
Posts: 81
Joined: 17 Apr 2019, 09:08

Re: User authentication with Microsoft Azure AD

by miami1983 » 29 May 2023, 13:50

I fixed some of the parameters and have a problem with the redirect URL mentioned above: https://wifi.ps/social/customoauth1login.php

ERROR! SOCIAL NETWORK LOGIN ERROR: IT WAS NOT POSSIBLE TO ACCESS THE OAUTH ACCESS TOKEN: IT WAS RETURNED AN UNEXPECTED RESPONSE STATUS 401 RESPONSE: { (101)

So what is the suitable redirect URL to add in the Azure app?
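
The authorization request from the configuration posted earlier in this thread, together with the tenant check that the AADSTS900023 error points at, as an added example that is not part of any post and is not HSNM's code. It fills the response_type/state/client_id/scope/redirect_uri template with percent-encoded values, rejects an empty or placeholder tenant segment before redirecting, and verifies the state on return. The endpoint path follows Microsoft's documented v2.0 format (the thread's own URLs are truncated); function names and the sample values used with them are assumptions.

```python
import hmac
import re
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Tenant path segment: a tenant GUID, a verified domain, or a well-known alias.
GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")
ALIASES = {"common", "organizations", "consumers"}


def valid_tenant(tenant):
    """Reject empty values and unfilled placeholders such as '<tenant-id>'."""
    return (tenant in ALIASES
            or GUID.fullmatch(tenant) is not None
            or DOMAIN.fullmatch(tenant) is not None)


def build_authorize_url(tenant, client_id, redirect_uri, scope):
    """Fill the query template from the thread; returns (url, state)."""
    if not valid_tenant(tenant):
        raise ValueError(f"invalid tenant identifier: {tenant!r}")
    state = secrets.token_urlsafe(32)  # unguessable, one per login attempt
    query = urlencode({                # percent-encodes every value
        "response_type": "code",
        "state": state,
        "client_id": client_id,
        "scope": scope,
        "redirect_uri": redirect_uri,
    })
    base = f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
    return f"{base}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Return the authorization code only when the state round-trips."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this login")
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]
```

The redirect_uri passed here has to match the Redirect URI registered on the Azure AD app exactly.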

HSNMSupport
Posts: 1529
Joined: 26 Jul 2016, 09:16

Re: User authentication with Microsoft Azure AD

by HSNMSupport » 15 Jun 2023, 09:30

This is an amazing job.
Thanks for sharing.
S.T.

miami1983
Posts: 81
Joined: 17 Apr 2019, 09:08

Re: User authentication with Microsoft Azure AD

by miami1983 » 17 Jul 2023, 15:56

But it still does not work. Can you inform us when it can be applicable?

HSNMSupport
Posts: 1529
Joined: 26 Jul 2016, 09:16

Re: User authentication with Microsoft Azure AD

by HSNMSupport » 19 Jul 2023, 09:39

This is a custom client configuration. You can try to replicate it in your environment or wait till the developers release the official integration.
S.T.
