
Azure AD configuration

Dann edited this page Oct 29, 2020 · 3 revisions

Scholarsphere 4 is an OAuth client for AzureAD; we get directory information and groups from AzureAD.

Each developer will have an APP_ID and APP_SECRET generated for them; shoot a message in #scholarsphere-dev to obtain credentials.

The App registration is good for the following reply URLs. If your environment is different, please let us know and we'll try to work something out.

https://scholarsphere-4.test/users/auth/azure_oauth/callback
http://localhost:3000/users/auth/azure_oauth/callback

Once the OAuth Client Application is configured, set the following in your environment or in application.yml:

OAUTH_APP_SECRET=''
OAUTH_APP_ID=''
OAUTH_APP_URL=
OAUTH_AUTHORIZE_URL=
OAUTH_TOKEN_URL=

If you set the ENV variable AZURE_GRAPH_GROUPS, your group information will come from the Microsoft Graph API; if the ENV variable is absent, your groups will come from the ID token. For a large percentage of users these are one and the same. There is a limit on the number of items that can be in an ID token, so for users with a large number of groups the AZURE_GRAPH_GROUPS variable is preferred.
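The choice between the two group sources, including the case where the ID token's group list was dropped because of the item limit, can be sketched as follows. This is an added example, not Scholarsphere code: `resolve_group_source` and `GroupResolution` are hypothetical names, the sample claims are constructed, and treating "set" as "the key is present" is an assumption. It relies on Azure AD signalling an overage with `_claim_names.groups` (or `hasgroups`) in place of the `groups` claim.

```ruby
# Hypothetical helper (not Scholarsphere code). `claims` must be the payload
# of an ID token whose signature and audience have ALREADY been verified.
GroupResolution = Struct.new(:source, :groups, :overage)

def resolve_group_source(claims, env = ENV)
  # When a user has more groups than fit in the token, Azure AD omits the
  # `groups` claim and emits `_claim_names: { "groups": ... }` instead
  # (`hasgroups` in the implicit flow).
  claim_names = claims['_claim_names']
  overage = (claim_names.is_a?(Hash) && claim_names.key?('groups')) ||
            claims['hasgroups'] == true || claims['hasgroups'] == 'true'

  if env.key?('AZURE_GRAPH_GROUPS')
    # Assumption: presence of the variable selects Microsoft Graph.
    # The actual Graph lookup is out of scope for this sketch.
    GroupResolution.new(:graph, nil, overage)
  elsif overage
    # No usable list in the token and Graph is not enabled: report it,
    # so the caller does not treat the user as belonging to zero groups.
    GroupResolution.new(:unavailable, nil, true)
  else
    GroupResolution.new(:id_token, Array(claims['groups']), false)
  end
end

# Constructed sample claims (not real tokens or real group IDs).
SMALL_USER = { 'sub' => 'user-a',
               'groups' => %w[11111111-aaaa 22222222-bbbb] }.freeze
LARGE_USER = {
  'sub' => 'user-b',
  '_claim_names' => { 'groups' => 'src1' },
  '_claim_sources' => { 'src1' => { 'endpoint' => 'https://graph.example.invalid/placeholder' } }
}.freeze

if __FILE__ == $PROGRAM_NAME
  [SMALL_USER, LARGE_USER].each do |claims|
    r = resolve_group_source(claims, {})
    puts "#{claims['sub']}: source=#{r.source} overage=#{r.overage}"
  end
end
```

A result of `:unavailable` in a log is the cue to set AZURE_GRAPH_GROUPS for that environment, since group-based authorization would otherwise run on a missing list.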

Migrating from psu-authproxy

bundle exec rails c
# In the Rails console: point every existing user at the Azure OAuth provider
users = User.all
users.each do |u|
  u.provider = 'azure_oauth'
  u.save
end

Adding a reply URL

1.) Go to aad.portal.azure.com/
2.) Click on "Azure Active Directory"
3.) Click on "App Registrations"
4.) Click on "Penn State University Libraries"
5.) Click on "Authentication"
6.) Click on "add URI" below the list of URIs. Enter the new URI and save.

OR

This link might get you there https://aad.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/5558bf6e-4332-4c6c-8881-fd43331773d0/isMSAApp/
