# Connect Azure AD as an External IDP with Gluu Server through Passport

## Requirements
- Azure AD administration portal
- Gluu Server with Passport installed
## Register Application at Azure Portal

- Log in to the Azure Portal
- Go to Microsoft Entra ID (previously known as Azure AD)
- Go to Enterprise applications (left sidebar)
- New application > Create your own application
- Set your application name and choose the second application type, "Register an application to integrate with Microsoft Entra ID (App you're developing)", then click Create
- On the next page, choose the supported account type (single tenant)
- Click Register
## Configure Application

Go to Enterprise applications again; you will see the list of applications there.

- Select the application you just created in the steps above
- Go to Users and groups and assign some users
- Go to Single sign-on > Application Settings; you will see the details of the application
- Under Endpoints you will find the OpenID configuration endpoint, which looks like this:

https://login.microsoftonline.com/[Directory (tenant) ID]/v2.0/.well-known/openid-configuration

Grab the following values:

- The issuer, taken from the OpenID configuration document at that URL
- The Application (client) ID
- A client credential (go to Client credentials > create a client secret and copy its value; the value is shown only once)
## Create Provider at Gluu Server

Create a Passport provider in the Gluu Server with the following settings:

- client_id: the Azure Application (client) ID
- client_secret: the client secret value created above
- issuer: the issuer from the application's OpenID configuration document
- scope: openid, email, profile
- token_endpoint_auth_method: client_secret_post

After creating the provider, copy the Callback URL; it has to be registered as a redirect URI on the Azure application.
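Before filling in the provider form, it is worth checking that the discovery document really supports the settings above: a single-tenant registration must yield a tenant-specific issuer (the `/common` endpoint returns a placeholder issuer that never matches the id_token), and the token endpoint must advertise `client_secret_post`. The following Python is an added example, not part of this guide or of Gluu; the JSON document, tenant ID and function names are constructed for illustration.

```python
import json

# Constructed sample of an Azure AD v2.0 OpenID configuration document,
# trimmed to the fields this check uses (real documents carry more keys).
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder tenant id
SAMPLE_METADATA = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys",
    "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "client_secret_basic"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})

REQUIRED_SCOPES = {"openid", "email", "profile"}   # scopes the guide configures
AUTH_METHOD = "client_secret_post"                  # token_endpoint_auth_method in the guide

def check_metadata(raw_json, tenant_id):
    """Parse the discovery document and return its issuer if it is usable
    for a single-tenant Passport provider; raise ValueError otherwise."""
    md = json.loads(raw_json)
    issuer = md.get("issuer", "")
    expected = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    # Reject anything but the exact tenant issuer: the /common endpoint
    # hands back a "{tenantid}" placeholder that will never match an id_token.
    if issuer != expected:
        raise ValueError(f"unexpected issuer {issuer!r}, expected {expected!r}")
    if AUTH_METHOD not in md.get("token_endpoint_auth_methods_supported", []):
        raise ValueError(f"token endpoint does not accept {AUTH_METHOD}")
    missing = REQUIRED_SCOPES - set(md.get("scopes_supported", []))
    if missing:
        raise ValueError(f"scopes not advertised by the IDP: {sorted(missing)}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not md.get(key, "").startswith("https://"):
            raise ValueError(f"{key} missing or not https")
    return issuer

def build_passport_provider(raw_json, tenant_id, client_id, client_secret):
    """Assemble the values the guide enters in the Gluu provider form."""
    return {
        "client_id": client_id,
        "client_secret": client_secret,
        "issuer": check_metadata(raw_json, tenant_id),
        "scope": sorted(REQUIRED_SCOPES),
        "token_endpoint_auth_method": AUTH_METHOD,
    }

if __name__ == "__main__":
    cfg = build_passport_provider(SAMPLE_METADATA, TENANT_ID, "app-id", "secret")
    print(json.dumps(cfg, indent=2))
```

In practice, fetch the document from the OpenID configuration endpoint shown above and pass its body to `check_metadata` with the Directory (tenant) ID of your registration.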
## Add Redirect URI in the application

- Go to the application
- Select Authentication
- Add a platform > Web > add the Passport Callback URL as the redirect URI

That completes the setup. You can test it from the Gluu Server using the Passport social authentication method. See the video here