- Run `composer require shawinigan/sso` to include this in your project.
- Run `php artisan vendor:publish --provider="Shawinigan\Sso\LaravelAzureProvisioning\AzureProvisioningProvider"`.
- Run `php artisan vendor:publish --provider="Shawinigan\Sso\LaravelAzureSocialite\AzureSocialiteServiceProvider"`.
- Run `npm install`
- Run `npm run build`
- Run `npm run dev`
- Run `php artisan migrate`
- Open `config/azureprovisioning.php` to adjust the package's configuration. If the file doesn't exist, ensure you have run `php artisan vendor:publish --provider="Shawinigan\Sso\LaravelAzureProvisioning\AzureProvisioningProvider"`.
- Modify the configuration as required. All fields are commented and should provide enough description of how they change the way this package works.
- If you do not wish to provision Groups, you can entirely remove (or comment out) the `Groups` key.
- Open `config/shawi-sso.php` to adjust the package's configuration:

```php
'azure' => [
    'client_id' => env('AZURE_CLIENT_ID'),
    'client_secret' => env('AZURE_CLIENT_SECRET'),
    'redirect' => env('AZURE_REDIRECT_URI'),
    'tenant' => env('AZURE_TENANT_ID'),
    'proxy' => env('PROXY'), // optional
],
```
- Configure the package's listener to listen for `SocialiteWasCalled` events. Add the event to your `listen[]` array in `app/Providers/EventServiceProvider`. See the Base Installation Guide for detailed instructions.

```php
protected $listen = [
    \SocialiteProviders\Manager\SocialiteWasCalled::class => [
        \Shawinigan\Sso\LaravelAzureSocialite\AzureExtendSocialite::class.'@handle',
    ],
];
```
- ### Add the AzureUser trait to the user model

```php
use Shawinigan\Sso\LaravelAzureSocialite\Traits\AzureUser;

class User extends Authenticatable
{
    use HasApiTokens, HasFactory, Notifiable, HasRoles, AzureUser;

    // ...
}
```
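- ### Add fillable and hidden to the user model

```php
// Attributes that may be mass-assigned.
protected $fillable = [
    'name',
    'email',
    'password',
    'azure_auth_id',
    'azure_access_token',
    'azure_refresh_token',
    'username',
    'avatar',
    'azure_expires_timestamp'
];

// Attributes excluded from array/JSON serialization of the model,
// so the Azure identifier and tokens are not exposed in responses.
protected $hidden = [
    'password',
    'remember_token',
    'azure_auth_id',
    'azure_access_token',
    'azure_refresh_token',
    'azure_expires_timestamp'
];
```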
1. Log in to Azure Active Directory
2. Select All services > Enterprise applications
3. Select New application
4. Select Create your own application
5. Provide your application's name and select the option "Integrate any other application you don't find in the gallery (Non-gallery)"
6. A) To provision all users/groups
   - On the Properties page, ensure the option "User assignment required?" is set to No

   --OR--

   B) To provision select users/groups
   - On the Properties page, ensure the option "User assignment required?" is set to Yes
   - On the Users and groups page, add the users and groups that you wish to provision
7. Navigate to the Provisioning page
8. Set the Provisioning Mode to Automatic
9. In the Admin Credentials section, set the Tenant URL to your domain (with `https://`) followed by `/scim/v2.0/` (or the value you have set in the `routePrefix` configuration option), e.g. `https://laravel-azure-provisioning.com/scim/v2.0/`
10. TODO: Provide the secret token generated by ... ?
11. Test the configuration and then save the settings
12. Expand the mapping section, remove any mappings that are not required by your application, and add any mappings that are missing and required by your application.
13. Save the settings again

Note: If you only want users within set groups to be provisioned, follow the steps in 6 B) and add the groups you require. Only the members of the group will then be provisioned.

This repository is based on:

- https://github.com/RobTrehy/LaravelAzureProvisioning
- https://github.com/SocialiteProviders/Microsoft-Azure