DADA CLI is a CLI tool designed for testing the operation and features of Entra ID (Azure Active Directory). It enables the verification of functionalities in app registrations and enterprise applications, particularly focusing on SAML and OAuth 2.0.
- OAuth 2.0, OpenID Connect
  - Run the Authorization Code Flow and the Client Credentials Flow.
  - Display and decode the obtained access tokens and ID tokens so you can inspect their contents.
  - Use simple Graph API operations to observe Continuous Access Evaluation (CAE).
  - Load a certificate file and create a JWT assertion.
  With these features you can easily verify the information and behaviour carried in the token claims issued by Entra ID.
- SAML
  - Try SAML Single Sign-On (SSO) with Entra ID.
  - Generate SAML requests, and decode and display SAML responses.
  - Command options let you set the SAML request signature, Authentication Context, and Name ID Format.
  This makes it easy to test how Entra ID behaves under each of these settings.
- Installation
  - Linux / macOS

```shell
$ git clone https://github.com/iamkdada/Azure-AD-OAuth-SAML-Python-Demo-CLI-APP.git
$ cd Azure-AD-OAuth-SAML-Python-Demo-CLI-APP
$ python3 -m venv venv
$ source venv/bin/activate        # activate the venv so pip installs into it, not system-wide
$ pip3 install -r requirements.txt
$ export PATH="$PATH:$PWD/src"
```

  - Windows (PowerShell or Command Prompt)
    - Download this project.
    - Extract the downloaded project.
    - Create a virtual environment in the project directory and activate it.

```
> python -m venv venv
> .\venv\Scripts\activate
```

    - Install the required libraries.

```
> pip install -r requirements.txt
```

    - Set up the environment variables (PowerShell, then Command Prompt).

```
> $Env:PATH += ";$PWD\src"
> set PATH=%PATH%;%CD%\src
```

  Improvements for easier installation are planned.
- App registration (OAuth 2.0 / OpenID Connect)
  - Browse to [Azure Portal] > [Microsoft Entra ID] > [App registrations] and select New registration.
  - Enter a Name for your application, for example dada-cli-oidc. Users of your app might see this name, and you can change it later.
  - Select the following:
    - Account type: "Accounts in this organizational directory only"
    - Platform: "Public client/native (mobile & desktop)"
    - Redirect URI: http://localhost
  - Select Register to create the application.
  - Set the Tenant ID and Client ID (the Application (client) ID shown on the registration):

```shell
dada configure --tenant-id "<Your Tenant ID>" --client-id "<Registered Application (client) ID>"
```

  - Request a token:

```shell
dada auth-code token-request
```
- Enterprise application (SAML)
  - Browse to [Azure Portal] > [Microsoft Entra ID] > [Enterprise applications] and select New application.
  - Select Create your own application.
  - Enter a Name for your application, for example dada-cli-saml. Users of your app might see this name, and you can change it later.
  - Select "Integrate any other application you don't find in the gallery (Non-gallery)" and select Create.
  - Browse to [Single sign-on] > [SAML] and select Edit.
  - Add an identifier, for example dada.
  - Add the reply URL http://localhost.
  - Set the Tenant ID and Entity ID (the identifier you registered):

```shell
dada configure --tenant-id "<Your Tenant ID>" --entity-id "<Registered Application Entity ID>"
```

  - Send a SAML request:

```shell
dada saml saml-request
```
- Examples
  - Auth code token request

```shell
$ dada auth-code token-request
"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Imk2bEdrM0ZaenhSY1ViMkMzbkV~~~~~~~~~"
```
  - Decode a token

```shell
$ dada auth-code show --token id --decode
{
  "aud": "<GUID>",
  "exp": 1700021556,
  "iat": 1700017656,
  "iss": "https://login.microsoftonline.com/<tenant id>/v2.0",
  "name": "hoge hoge",
  "nbf": 1700017656,
  "oid": "<GUID>",
  "preferred_username": "hoge@*****.com",
  "rh": "0.AXwAji****************************",
  "sub": "XWFP_8f3rjEyjvlUzzTVB0v0W2I3DGxVn0*********",
  "tid": "GUID",
  "uti": "sBSSf-s2rkujr********",
  "ver": "2.0"
}
```
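As an added example (not code from the DADA CLI project), the Python below decodes a compact JWT the way `--decode` displays it and then runs the checks a tester would apply to the claims shown above: issuer, tenant, audience and the `nbf`/`exp` validity window. The tenant id, client id and the sample token are constructed stand-ins for the `<GUID>` placeholders; the token's third segment is a dummy, so nothing here verifies a signature.

```python
import base64
import json
import time

# Constructed sample values (not real tenant/app ids): stand-ins for the
# <GUID> placeholders in the "dada auth-code show --token id --decode" output.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "00000000-0000-0000-0000-000000000002"
SAMPLE_CLAIMS = {
    "aud": CLIENT_ID, "exp": 1700021556, "iat": 1700017656,
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "name": "hoge hoge", "nbf": 1700017656, "tid": TENANT_ID, "ver": "2.0",
}

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_jwt(token: str) -> dict:
    """Split a compact JWT into header and claims without checking the signature,
    i.e. content inspection only, like the CLI's --decode option."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return {"header": json.loads(b64url_decode(parts[0])),
            "claims": json.loads(b64url_decode(parts[1]))}

def check_claims(claims: dict, tenant_id: str, client_id: str, now: int = None) -> list:
    """Return the problems found in a v2.0 token expected from this tenant and app."""
    now = int(time.time()) if now is None else now
    problems = []
    if claims.get("iss") != f"https://login.microsoftonline.com/{tenant_id}/v2.0":
        problems.append("iss: unexpected issuer")
    if claims.get("tid") != tenant_id:
        problems.append("tid: unexpected tenant")
    if claims.get("aud") != client_id:
        problems.append("aud: token not issued for this client id")
    if "exp" in claims and now >= claims["exp"]:
        problems.append("exp: token expired")
    if "nbf" in claims and now < claims["nbf"]:
        problems.append("nbf: token not yet valid")
    return problems

def make_sample_token(claims: dict) -> str:
    # Unsigned stand-in for a real token: the third segment is a dummy, not a signature.
    header = {"typ": "JWT", "alg": "RS256"}
    return ".".join([b64url_encode(json.dumps(header).encode()),
                     b64url_encode(json.dumps(claims).encode()),
                     b64url_encode(b"dummy-signature")])
```

`check_claims(decode_jwt(make_sample_token(SAMPLE_CLAIMS))["claims"], TENANT_ID, CLIENT_ID, now=1700017700)` returns an empty list; shifting `now` past `exp` or before `nbf` reports the corresponding problem.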
  - SAML request

```shell
$ dada saml saml-request --sign --force-authn
<decoded SAML response>
```