HSNM Forum

1. You need to register a new App in your Azure AD (App registrations)
2. Named it as you which and select the multitenancy as you need (single, multi and/or personal) and put the 'https://the.name.of.my.hsnm/social/cust ... 1login.php' as Redirect URI.
3. Register the App.
4. Take note of the 'Application (client) ID', it will be necessary in the HSNM settings
5. Take note also of the end points, also needed in the HSNM settings. They will look like:
   - OAuth 2.0 authorization endpoint (v2) = https://login.microsoftonline.com/<tene ... /authorize
   - OAuth 2.0 token endpoint (v2) = https://login.microsoftonline.com/<tene ... v2.0/token
6. Create a client secret (Certificates & secrets) and take note of the secret (shown only once).

• - Client ID - the 'Application (client) ID' from Azure AD App
• - Client Secret - the value shown once when created the client secret in AZure AD
• - OAuth Version - 2.0 (mandatory)
• - URL to Require the URL of the Access Token - the value of 'OAuth 2.0 token endpoint (v2)' from Azure AD.
  Which gives as URL: https://login.microsoftonline.com/<tene ... v2.0/token
• - Access Token Type - Bearer
• - URL of the Redirect Server - the value of 'OAuth 2.0 authorization endpoint (v2)' from Azure AD with those additional parameters:
  response_type=code&state={STATE}&client_id={CLIENT_ID}&scope={SCOPE}&redirect_uri={REDIRECT_URI}
  Which gives as URL: https://login.microsoftonline.com/<tene ... DIRECT_URI}
• - HTTP Method to Request Access Token - POST
• - HTTP Method that Returns the Access Token - GET
• - OAuth Parameters Passed through HTTP Authorization - No
• - Required Permissions to the OAuth Server - profile openid email https://graph.microsoft.com/User.ReadBasic.All

• - URL of the API that Returns the User's Data - https://graph.microsoft.com/v1.0/me
• - Parameters passed in the URL - No
• - Name of the Variable that Contains the Username - userPrincipalName
• - Name of the Variable that Contains the Given Name - givenName
• - Name of the Variable that Contains the Surname - surname
• - Name of the Variable that Contains the Email Address - mail

i have the same problem get this error message:

Sign in
Sorry, but we’re having trouble with signing you in.

AADSTS900023: Specified tenant identifier ' is neither a valid DNS name, nor a valid external domain.

Hi,

I finally get the Microsoft Azure AD working.

The setup on Azure AD is not difficult at all:

1. You need to register a new App in your Azure AD (App registrations)
2. Named it as you which and select the multitenancy as you need (single, multi and/or personal) and put the 'https://the.name.of.my.hsnm/social/cust ... 1login.php' as Redirect URI.
3. Register the App.
4. Take note of the 'Application (client) ID', it will be necessary in the HSNM settings
5. Take note also of the end points, also needed in the HSNM settings. They will look like:
   - OAuth 2.0 authorization endpoint (v2) = https://login.microsoftonline.com/<tene ... /authorize
   - OAuth 2.0 token endpoint (v2) = https://login.microsoftonline.com/<tene ... v2.0/token
6. Create a client secret (Certificates & secrets) and take note of the secret (shown only once).

And that's it for Azure AD.

On HSNM side, in the External Authentications / OAuth Custom Authentication, put the values as follow:

• - Client ID - the 'Application (client) ID' from Azure AD App
• - Client Secret - the value shown once when created the client secret in AZure AD
• - OAuth Version - 2.0 (mandatory)
• - URL to Require the URL of the Access Token - the value of 'OAuth 2.0 token endpoint (v2)' from Azure AD.
  Which gives as URL: https://login.microsoftonline.com/<tene ... v2.0/token
• - Access Token Type - Bearer
• - URL of the Redirect Server - the value of 'OAuth 2.0 authorization endpoint (v2)' from Azure AD with those additional parameters:
  response_type=code&state={STATE}&client_id={CLIENT_ID}&scope={SCOPE}&redirect_uri={REDIRECT_URI}
  Which gives as URL: https://login.microsoftonline.com/<tene ... DIRECT_URI}
• - HTTP Method to Request Access Token - POST
• - HTTP Method that Returns the Access Token - GET
• - OAuth Parameters Passed through HTTP Authorization - No
• - Required Permissions to the OAuth Server - profile openid email https://graph.microsoft.com/User.ReadBasic.All

The only thing that doesn't work is the user info retrieval.
I try with those parameters but the username remains random when the user is authenticated and connected.

• - URL of the API that Returns the User's Data - https://graph.microsoft.com/v1.0/me
• - Parameters passed in the URL - No
• - Name of the Variable that Contains the Username - userPrincipalName
• - Name of the Variable that Contains the Given Name - givenName
• - Name of the Variable that Contains the Surname - surname
• - Name of the Variable that Contains the Email Address - mail

The data returned by Microsoft Graph is a json content in the body of the response. And I don't know if your code send the token acquired in the request and parse correctly the response to fill the variables.

Best regards,
Bénoni.

Hi,

I finally get the Microsoft Azure AD working.

The setup on Azure AD is not difficult at all:

1. You need to register a new App in your Azure AD (App registrations)
2. Named it as you which and select the multitenancy as you need (single, multi and/or personal) and put the 'https://the.name.of.my.hsnm/social/cust ... 1login.php' as Redirect URI.
3. Register the App.
4. Take note of the 'Application (client) ID', it will be necessary in the HSNM settings
5. Take note also of the end points, also needed in the HSNM settings. They will look like:
   - OAuth 2.0 authorization endpoint (v2) = https://login.microsoftonline.com/<tene ... /authorize
   - OAuth 2.0 token endpoint (v2) = https://login.microsoftonline.com/<tene ... v2.0/token
6. Create a client secret (Certificates & secrets) and take note of the secret (shown only once).

And that's it for Azure AD.

On HSNM side, in the External Authentications / OAuth Custom Authentication, put the values as follow:

• - Client ID - the 'Application (client) ID' from Azure AD App
• - Client Secret - the value shown once when created the client secret in AZure AD
• - OAuth Version - 2.0 (mandatory)
• - URL to Require the URL of the Access Token - the value of 'OAuth 2.0 token endpoint (v2)' from Azure AD.
  Which gives as URL: https://login.microsoftonline.com/<tene ... v2.0/token
• - Access Token Type - Bearer
• - URL of the Redirect Server - the value of 'OAuth 2.0 authorization endpoint (v2)' from Azure AD with those additional parameters:
  response_type=code&state={STATE}&client_id={CLIENT_ID}&scope={SCOPE}&redirect_uri={REDIRECT_URI}
  Which gives as URL: https://login.microsoftonline.com/<tene ... DIRECT_URI}
• - HTTP Method to Request Access Token - POST
• - HTTP Method that Returns the Access Token - GET
• - OAuth Parameters Passed through HTTP Authorization - No
• - Required Permissions to the OAuth Server - profile openid email https://graph.microsoft.com/User.ReadBasic.All

The only thing that doesn't work is the user info retrieval.
I try with those parameters but the username remains random when the user is authenticated and connected.

• - URL of the API that Returns the User's Data - https://graph.microsoft.com/v1.0/me
• - Parameters passed in the URL - No
• - Name of the Variable that Contains the Username - userPrincipalName
• - Name of the Variable that Contains the Given Name - givenName
• - Name of the Variable that Contains the Surname - surname
• - Name of the Variable that Contains the Email Address - mail

The data returned by Microsoft Graph is a json content in the body of the response. And I don't know if your code send the token acquired in the request and parse correctly the response to fill the variables.

Best regards,
Bénoni.

This is an amazing job
Thanks for sharing.
S.T.