Mayuresh Pawar edited this page Sep 7, 2023 · 1 revision

Azure AD Configuration

  1. Open Enterprise Application in Microsoft Azure

  2. Create a new non-gallery application by clicking on "New Application."

  3. Then click on "Create Your New Application."

  4. Now, go to the "Single Sign-On" tab.

  5. Choose "SAML-based Single Sign-On."

  6. There are five sections in it:

    a) Basic SAML Configuration: this section contains your application URLs.
       - Identifier (Entity ID): the identifier of your project.
       - Reply URL (Assertion Consumer Service URL).
       - Sign-on URL.

    b) Attributes & Claims: configure this section if you want any extra fields from Azure. You have to map these attributes in the attribute-map.yml file.
       - Each claim has a name, a namespace, and a source attribute.
       - Namespace is optional, but if you set one, the key in your attributes file will be namespace/name: value_in_user_table. Otherwise it will be name: value_in_user_table.

    c) SAML Certificates: these are auto-generated and are what you take the fingerprint from for your devise config. Download the certificate (Base64) and use it to generate a fingerprint. Certificate Generation Tool.

    d) Set up Identifier (Entity ID): this section has the links you need to configure in the application:

devise.rb:

     # config/initializers/devise.rb; the saml_* options live inside the Devise.setup block.
     # Values in <angle brackets> are placeholders for what Azure shows in the sections above.
     Devise.setup do |config|
       config.saml_create_user = true
       config.saml_update_user = true
       config.saml_default_user_key = :email
       config.saml_session_index_key = :session_index
       config.saml_route_helper_prefix = 'saml'

       config.saml_configure do |settings|
         # Values from "Basic SAML Configuration" (step 6a)
         settings.assertion_consumer_service_url = '<Reply URL (Assertion Consumer Service URL)>'
         settings.issuer = '<Identifier (Entity ID)>'
         settings.assertion_consumer_service_binding = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
         settings.name_identifier_format = 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
         settings.authn_context = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Password'
         # Fingerprint generated from the certificate in step 6c; the algorithm must match the
         # signing algorithm shown under "SAML Signing Certificate" (Azure defaults to SHA-256)
         settings.idp_cert_fingerprint = '<fingerprint generated from point c>'
         settings.idp_cert_fingerprint_algorithm = 'http://www.w3.org/2001/04/xmlenc#sha256'
         # Links from the "Set up" section (step 6d): the Azure AD Identifier is the IdP's entity ID
         # (the Issuer in the assertion), the Login URL is where sign-in requests are sent, and the
         # Logout URL is the single-logout endpoint
         settings.idp_entity_id = '<Azure AD Identifier>'
         settings.idp_sso_target_url = '<Login URL>'
         settings.idp_slo_target_url = '<Logout URL>'
       end
     end

attribute-map.yml:

       # claim name as sent by Azure (namespace/name): column on the user model
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "last_name"
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "first_name"
       "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email"
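As an added example, not code from this page or from the Devise SAML gem, the following Ruby script does the two pieces of work steps 6b and 6c leave to you: it computes the value for `idp_cert_fingerprint` from the Base64 certificate downloaded from Azure, and it applies the attribute-map.yml above to a set of claims using the namespace/name key rule. The certificate and the claims it runs on are constructed stand-ins, not real Azure data.

```ruby
require 'openssl'
require 'yaml'

# Fingerprint for settings.idp_cert_fingerprint, computed from the Base64 (PEM)
# certificate downloaded in step 6c. A bare Base64 body without BEGIN/END lines also works.
def idp_cert_fingerprint(cert_pem, algorithm: 'SHA256')
  pem = cert_pem.strip
  pem = "-----BEGIN CERTIFICATE-----\n#{pem}\n-----END CERTIFICATE-----" unless pem.include?('BEGIN CERTIFICATE')
  cert = OpenSSL::X509::Certificate.new(pem)
  # Digest of the DER bytes as colon-separated uppercase hex, the form `openssl x509 -fingerprint` prints.
  OpenSSL::Digest.new(algorithm).hexdigest(cert.to_der).upcase.scan(/../).join(':')
end

# Claim key as Azure emits it: "namespace/name" when a namespace is set, otherwise "name" (step 6b).
def claim_key(name, namespace = nil)
  namespace.to_s.empty? ? name : "#{namespace}/#{name}"
end

# Apply attribute-map.yml to an assertion's claims. Claims absent from the map are dropped,
# so the IdP can only populate the user columns you explicitly listed.
def map_attributes(attribute_map, claims)
  claims.each_with_object({}) do |(key, value), user|
    column = attribute_map[key]
    user[column] = value if column
  end
end

# Throwaway self-signed certificate standing in for the Azure one (constructed, demo only).
def sample_certificate_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=demo-idp')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = cert.not_before + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

ATTRIBUTE_MAP = YAML.safe_load(<<~YAML) # same content as attribute-map.yml above
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname": "last_name"
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "first_name"
  "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress": "email"
YAML
NS = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims'
SAMPLE_CLAIMS = { claim_key('emailaddress', NS) => 'jane@example.test',      # constructed claims;
                  claim_key('givenname', NS) => 'Jane', claim_key('surname', NS) => 'Doe',
                  claim_key('department', NS) => 'Finance' }                  # department is unmapped
```

Run `idp_cert_fingerprint(File.read('azure.cer'))` on the downloaded file to get the string for devise.rb, and `map_attributes(ATTRIBUTE_MAP, SAMPLE_CLAIMS)` to see that only email, first_name and last_name come through.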