user1337302

Reputation: 123

JHipster with Azure Active Directory instead of Keycloak or Okta

I want to develop a SaaS app and deploy it on Azure. Because the business logic will not be very complex, I want to use JHipster as a starter kit. The app will have two types of users: the "office" users, who want to sign into the app using an Office 365 account, and the "normal" users, who want to use their social accounts like Google or Facebook or simply create a new local account. All accounts should be managed by Azure and no password should be stored in our database.

First question is about Azure: which type of AAD should I use? B2B or B2C? Or a mix of both?

Second about JHipster: is it possible to configure JHipster to authenticate users against AAD? Which option should I select in the authentication question when creating the JHipster app?

Third about Azure: it would be nice if the "office" user could add our SaaS app to the list of apps in the Office 365 main screen. Is it possible?

I have only "on-premise" experience, so maybe my questions are simple, but these are my first steps into any cloud, in this case Azure.

Regards, Jacek

Upvotes: 2

Views: 2563

Answers (2)

Axel Roam

Reputation: 1

Isn't the call to the graph API a GET instead of POST? Did this get changed in later JHipster releases? If so, then some more work needs to be done to change the operation. In addition, I don't think the user-info-uri: https://graph.windows.net/me?api-version=1.6 endpoint gives you user roles (AD groups); you would have to make a second call. This of course depends on how your IDP was configured internally.

Upvotes: 0

Nimo1981

Reputation: 132

Prerequisites: you need to have registered your app in the Azure tenant and obtained a client id and secret. Register App

In your application.yml file, settings like these should connect you to Azure AD.

# ===================================================================
# OpenID Connect Settings. Default settings are for Azure
# ===================================================================
security:
    oauth2:
        client:
            access-token-uri: https://login.microsoftonline.com/common/oauth2/token
            user-authorization-uri: https://login.microsoftonline.com/common/oauth2/authorize
            client-id: <<yourclientid>>
            client-secret: <<yourregistry>>
            client-authentication-scheme: query
            preEstablishedRedirectUri: http://localhost:8885/login
            useCurrentUri: false
        resource:
            user-info-uri: https://graph.windows.net/me?api-version=1.6
            id: https://graph.windows.net/

You will need to update the UserService class method getUser() to pull down the correct information.

// In UserService (requires java.util.Map). Maps the user-info response from
// graph.windows.net into a JHipster User; the Azure AD Graph field names differ
// from the OIDC claim names the generated code expects.
private static User getUser(Map<String, Object> details) {
    User user = new User();
    // userPrincipalName is the stable identifier: used for id, login and email
    user.setId((String) details.get("userPrincipalName"));
    user.setLogin(((String) details.get("userPrincipalName")).toLowerCase());
    if (details.get("givenName") != null) {
        user.setFirstName((String) details.get("givenName"));
    }
    if (details.get("surname") != null) {
        user.setLastName((String) details.get("surname"));
    }
    if (details.get("displayName") != null) {
        user.setDisplayName((String) details.get("displayName"));
    }
    if (details.get("email_verified") != null) {
        user.setActivated((Boolean) details.get("email_verified"));
    }
    if (details.get("userPrincipalName") != null) {
        user.setEmail(((String) details.get("userPrincipalName")).toLowerCase());
    }
    // Language: prefer an explicit langKey, else derive it from a locale
    // such as "en-US" or "en_US"
    if (details.get("langKey") != null) {
        user.setLangKey((String) details.get("langKey"));
    } else if (details.get("locale") != null) {
        String locale = (String) details.get("locale");
        if (locale.contains("-")) {
            String langKey = locale.substring(0, locale.indexOf("-"));
            user.setLangKey(langKey);
        } else if (locale.contains("_")) {
            String langKey = locale.substring(0, locale.indexOf("_"));
            user.setLangKey(langKey);
        }
    }
    if (details.get("[email protected]") != null) {
        user.setImageUrl((String) details.get("[email protected]"));
    }
    // Accounts coming from Azure AD are treated as already activated
    user.setActivated(true);
    return user;
}

Upvotes: 3
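As an added example (not code from the answer above or from JHipster itself), the same claim-to-user mapping in Python, extended with the point raised in Axel Roam's answer: authorities have to come from a separate group lookup, not from the user-info payload. It assumes the user-info shape of graph.windows.net/me?api-version=1.6 with a preferredLanguage field, and a placeholder group-id-to-role table.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, Iterable, Optional, Set

# Constructed sample of a graph.windows.net/me?api-version=1.6 response,
# trimmed to the fields used below (not real tenant data).
SAMPLE_USERINFO: Dict[str, Any] = {
    "userPrincipalName": "Jane.Doe@Contoso.OnMicrosoft.com",
    "givenName": "Jane",
    "surname": "Doe",
    "preferredLanguage": "en-US",
}

# Assumed group-object-id -> authority table (placeholder id). Unlisted
# groups grant nothing, so every user starts with ROLE_USER only.
GROUP_TO_AUTHORITY: Dict[str, str] = {"<admins-group-object-id>": "ROLE_ADMIN"}


@dataclass
class JhipsterUser:
    login: str
    email: str
    first_name: Optional[str] = None
    last_name: Optional[str] = None
    lang_key: Optional[str] = None
    authorities: Set[str] = field(default_factory=lambda: {"ROLE_USER"})


def lang_key_from_locale(locale: Optional[str]) -> Optional[str]:
    # "en-US" or "en_US" -> "en"; no separator -> None, as in getUser() above.
    for sep in ("-", "_"):
        if locale and sep in locale:
            return locale.split(sep, 1)[0]
    return None


def user_from_userinfo(info: Dict[str, Any], group_ids: Iterable[str] = ()) -> JhipsterUser:
    upn = info.get("userPrincipalName")
    if not upn:
        # Fail closed: no stable identifier means no account, otherwise
        # several tokens could collapse onto one empty login.
        raise ValueError("userPrincipalName missing from user-info response")
    user = JhipsterUser(login=upn.lower(), email=upn.lower(),
                        first_name=info.get("givenName"), last_name=info.get("surname"),
                        lang_key=lang_key_from_locale(info.get("preferredLanguage")))
    # Authorities come from group membership (a separate Graph call), never
    # from the user-info payload; unknown group ids are ignored.
    for gid in group_ids:
        role = GROUP_TO_AUTHORITY.get(gid)
        if role:
            user.authorities.add(role)
    return user
```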
