Backslash support for Azure SSO #8

christosachilleoudis · 2022-05-18T19:43:02Z

Background

Many organizations use Azure Active Directory to manage employee accounts. As a result, it is useful to support Azure AD for SSO for backslash.

Description

This PR adds SSO capability with Azure AD to backslash. The flow is as follows.

(1) Via the backslash frontend the user clicks the sign in with Azure AD button and is prompted for their username and password. This is implemented via the torii extension for azure active directory. The authorization code returned by azure is then redirected to the backslash backend. The authorization code also has privileges to be able to request user information.

(2) Using the authorization code, the backslash backend requests a user identity token (using the MSAL library). This token has the user email, first name, and last name. The user is then signed in using this information. If the authorization token is illegitimate, the identity token request will error out and the user will be asked to sign in again.

Verification

Manually, tested that azure SSO works and regular login still works.

…2 to environment.js

flask_app/auth.py

christosachilleoudis added 6 commits May 17, 2022 14:17

added Azure button, added login_azure function, added azure-ad2-oauth…

7dbb48e

…2 to environment.js

now programatically setting redirect uri

8cb274a

added msal package

c1e5368

restored markupsafe to 2.0.1

9d64436

reset ember deps and added torii with --save-dev

2a30c58

upgrading to node:10

ba7a1aa

christosachilleoudis marked this pull request as ready for review May 18, 2022 23:01

christosachilleoudis added 13 commits May 20, 2022 10:17

reading READIRECT_URI from environment

a037362

now printing original authorization token and error message

856788c

now using environment variable

16ed840

fixing syntax error

c478201

checking environment for secret_key and security_password_salt

6292cd5

added Azure AD icon inline

d668ae8

using redirectUri returned by torii

65dd504

removed unused imports

516af3b

deleted console logging

6559eaf

restored formatting of webapp/app/setup/template.hbs

dc75440

undo formatting on webapp/app/login/template.hbs

367c02b

restored formattign of webapp/config/environment.js

99bada4

missed an extra }

f03297e

klimburg reviewed Jun 2, 2022

View reviewed changes

flask_app/auth.py Outdated Show resolved Hide resolved

klimburg requested a review from Michelle-Ward June 2, 2022 22:30

christosachilleoudis force-pushed the add-azure-sso branch from 331d4c6 to f03297e Compare June 7, 2022 00:03

removed credentials from log statement

dd6bda3

klimburg self-requested a review June 8, 2022 00:19

klimburg approved these changes Jun 8, 2022

View reviewed changes

christosachilleoudis merged commit f4754e9 into develop Jun 8, 2022

klimburg mentioned this pull request Jul 28, 2022

Add azure sso #9

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Backslash support for Azure SSO #8

Backslash support for Azure SSO #8

Uh oh!

christosachilleoudis commented May 18, 2022 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Backslash support for Azure SSO #8

Backslash support for Azure SSO #8

Uh oh!

Conversation

christosachilleoudis commented May 18, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Background

Description

Verification

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

christosachilleoudis commented May 18, 2022 •

edited

Loading