Skip to content

Add azure sso #9

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 20 commits into from
Jul 28, 2022
Merged

Add azure sso #9

merged 20 commits into from
Jul 28, 2022

Conversation

@klimburg
Copy link

@klimburg klimburg commented Jul 28, 2022

Duplicates PR #8 just into ps-develop instead of develop

Background

Many organizations use Azure Active Directory to manage employee accounts. As a result, it is useful to support Azure AD for SSO for backslash.

Description

This PR adds SSO capability with Azure AD to backslash. The flow is as follows.

(1) Via the backslash frontend the user clicks the sign in with Azure AD button and is prompted for their username and password. This is implemented via the torii extension for azure active directory. The authorization code returned by azure is then redirected to the backslash backend. The authorization code also has privileges to be able to request user information.

(2) Using the authorization code, the backslash backend requests a user identity token (using the MSAL library). This token has the user email, first name, and last name. The user is then signed in using this information. If the authorization token is illegitimate, the identity token request will error out and the user will be asked to sign in again.

Verification

Manually, tested that azure SSO works and regular login still works.

@christosachilleoudis
added Azure button, added login_azure function, added azure-ad2-oauth…
7dbb48e 
…2 to environment.js
@christosachilleoudis
now programatically setting redirect uri
8cb274a
@christosachilleoudis
added msal package
c1e5368
@christosachilleoudis
restored markupsafe to 2.0.1
9d64436
@christosachilleoudis
reset ember deps and added torii with --save-dev
2a30c58
@christosachilleoudis
upgrading to node:10
ba7a1aa
@christosachilleoudis
reading READIRECT_URI from environment
a037362
@christosachilleoudis
now printing original authorization token and error message
856788c
@christosachilleoudis
now using environment variable
16ed840
@christosachilleoudis
fixing syntax error
c478201
@christosachilleoudis
checking environment for secret_key and security_password_salt
6292cd5
@christosachilleoudis
added Azure AD icon inline
d668ae8
@christosachilleoudis
using redirectUri returned by torii
65dd504
@christosachilleoudis
removed unused imports
516af3b
@christosachilleoudis
deleted console logging
6559eaf
@christosachilleoudis
restored formatting of webapp/app/setup/template.hbs
dc75440
@christosachilleoudis
undo formatting on webapp/app/login/template.hbs
367c02b
@christosachilleoudis
restored formattign of webapp/config/environment.js
99bada4
@christosachilleoudis
missed an extra }
f03297e
@christosachilleoudis
removed credentials from log statement
dd6bda3
@christosachilleoudis christosachilleoudis merged commit eb3941d into ps-develop Jul 28, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@klimburg @christosachilleoudis