From 2ca5de9d448c165d4a37bdb22024ac305b6109db Mon Sep 17 00:00:00 2001 From: Martin Loetzsch Date: Wed, 6 Feb 2019 23:07:53 +0100 Subject: [PATCH 1/8] update Readme for Azure Active Directory --- README.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 7c93bbc..e80cc7e 100644 --- a/README.md +++ b/README.md 
@@ -96,11 +96,19 @@ Note: The user is checked against the group members list on initial authenticati ### Azure Auth Provider -1. [Add an application](https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/) to your Azure Active Directory tenant. -2. On the App properties page provide the correct Sign-On URL ie `https://internal.yourcompany.com/oauth2/callback` -3. If applicable take note of your `TenantID` and provide it via the `--azure-tenant=` commandline option. Default the `common` tenant is used. +1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose "Azure Active Directory" in the left menu, select "App registrations" and then click on "New app registration". +2. Pick a name and choose "Webapp / API" as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click "Create". +3. On the "Settings" / "Properties" page of the app, pick a logo and select "Multi-tenanted" if you want to allow users from multiple organizations to access your app. Note down the application ID. Click "Save". +4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). +5. On the "Settings" / "Reply URLs" page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click "Save". +6. On the "Settings" / "Keys" page of the app, add a new key and note down the value after hitting "Save". +7. Configure the proxy with -The Azure AD auth provider uses `openid` as it default scope. It uses `https://graph.windows.net` as a default protected resource. It call to `https://graph.windows.net/me` to get the email address of the user that logs in. +``` + --provider=azure \ + --client-id= \ + --client-secret= +``` ### Facebook Auth Provider 
From 8d737404251b7a9c30e291d8bd19143879614fa5 Mon Sep 17 00:00:00 2001 From: Martin Loetzsch Date: Tue, 19 Feb 2019 14:59:13 +0100 Subject: [PATCH 2/8] Remove backslashes from azure configuration example --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e80cc7e..ffa5951 100644 --- a/README.md +++ b/README.md @@ -105,8 +105,8 @@ Note: The user is checked against the group members list on initial authenticati 7. Configure the proxy with ``` - --provider=azure \ - --client-id= \ + --provider=azure + --client-id= --client-secret= ``` From a8a68284c9dd1446525517f47952da2d95d775f7 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Thu, 11 Apr 2019 21:29:12 +0200 Subject: [PATCH 3/8] Update README.md Co-Authored-By: martin-loetzsch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ffa5951..8c9d56c 100644 --- a/README.md +++ b/README.md @@ -101,7 +101,7 @@ Note: The user is checked against the group members list on initial authenticati 3. On the "Settings" / "Properties" page of the app, pick a logo and select "Multi-tenanted" if you want to allow users from multiple organizations to access your app. Note down the application ID. Click "Save". 4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). 5. On the "Settings" / "Reply URLs" page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click "Save". -6. On the "Settings" / "Keys" page of the app, add a new key and note down the value after hitting "Save". +6. On the **"Settings"** / **"Keys"** page of the app, add a new key and note down the value after hitting **"Save"**. 7. Configure the proxy with ``` 
From 2511f1cd7588983b9d17f0dab18870d20d3fd5f1 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Fri, 12 Apr 2019 11:08:26 +0200 Subject: [PATCH 4/8] Update README.md Co-Authored-By: martin-loetzsch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c9d56c..94f6202 100644 --- a/README.md +++ b/README.md @@ -96,7 +96,7 @@ Note: The user is checked against the group members list on initial authenticati ### Azure Auth Provider -1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose "Azure Active Directory" in the left menu, select "App registrations" and then click on "New app registration". +1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose **"Azure Active Directory"** in the left menu, select **"App registrations"** and then click on **"New app registration"**. 2. Pick a name and choose "Webapp / API" as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click "Create". 3. On the "Settings" / "Properties" page of the app, pick a logo and select "Multi-tenanted" if you want to allow users from multiple organizations to access your app. Note down the application ID. Click "Save". 4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). From dd3244e465e920715165b03a442850c2750a82fa Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Fri, 12 Apr 2019 11:08:34 +0200 Subject: [PATCH 5/8] Update README.md Co-Authored-By: martin-loetzsch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 94f6202..c80f329 100644 --- a/README.md +++ b/README.md 
@@ -98,7 +98,7 @@ Note: The user is checked against the group members list on initial authenticati 1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose **"Azure Active Directory"** in the left menu, select **"App registrations"** and then click on **"New app registration"**. 2. Pick a name and choose "Webapp / API" as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click "Create". -3. On the "Settings" / "Properties" page of the app, pick a logo and select "Multi-tenanted" if you want to allow users from multiple organizations to access your app. Note down the application ID. Click "Save". +3. On the **"Settings"** / **"Properties"** page of the app, pick a logo and select **"Multi-tenanted"** if you want to allow users from multiple organizations to access your app. Note down the application ID. Click **"Save"**. 4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). 5. On the "Settings" / "Reply URLs" page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click "Save". 6. On the **"Settings"** / **"Keys"** page of the app, add a new key and note down the value after hitting **"Save"**. From 6df85b9787a6d045ed7a53965b31a7c6b60492b6 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Fri, 12 Apr 2019 11:08:42 +0200 Subject: [PATCH 6/8] Update README.md Co-Authored-By: martin-loetzsch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c80f329..fcd77fe 100644 --- a/README.md +++ b/README.md 
@@ -100,7 +100,7 @@ Note: The user is checked against the group members list on initial authenticati 2. Pick a name and choose "Webapp / API" as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click "Create". 3. On the **"Settings"** / **"Properties"** page of the app, pick a logo and select **"Multi-tenanted"** if you want to allow users from multiple organizations to access your app. Note down the application ID. Click **"Save"**. 4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). -5. On the "Settings" / "Reply URLs" page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click "Save". +5. On the **"Settings"** / **"Reply URLs"** page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click **"Save"**. 6. On the **"Settings"** / **"Keys"** page of the app, add a new key and note down the value after hitting **"Save"**. 7. Configure the proxy with From 70c4ca95b6e055efa16a1436e85883c583480162 Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Fri, 12 Apr 2019 11:23:01 +0200 Subject: [PATCH 7/8] Update README.md Co-Authored-By: martin-loetzsch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fcd77fe..aecb0cf 100644 --- a/README.md +++ b/README.md 
@@ -97,7 +97,7 @@ Note: The user is checked against the group members list on initial authenticati ### Azure Auth Provider 1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose **"Azure Active Directory"** in the left menu, select **"App registrations"** and then click on **"New app registration"**. -2. Pick a name and choose "Webapp / API" as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click "Create". +2. Pick a name and choose **"Webapp / API"** as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click **"Create"**. 3. On the **"Settings"** / **"Properties"** page of the app, pick a logo and select **"Multi-tenanted"** if you want to allow users from multiple organizations to access your app. Note down the application ID. Click **"Save"**. 4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). 5. On the **"Settings"** / **"Reply URLs"** page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click **"Save"**. From 484771b98abded87ee286b2edf616542471cfdca Mon Sep 17 00:00:00 2001 From: Joel Speed Date: Fri, 12 Apr 2019 11:23:12 +0200 Subject: [PATCH 8/8] Update README.md Co-Authored-By: martin-loetzsch --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index aecb0cf..6897f11 100644 --- a/README.md +++ b/README.md 
@@ -99,7 +99,7 @@ Note: The user is checked against the group members list on initial authenticati 1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose **"Azure Active Directory"** in the left menu, select **"App registrations"** and then click on **"New app registration"**. 2. Pick a name and choose **"Webapp / API"** as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click **"Create"**. 3. On the **"Settings"** / **"Properties"** page of the app, pick a logo and select **"Multi-tenanted"** if you want to allow users from multiple organizations to access your app. Note down the application ID. Click **"Save"**. -4. On the "Settings" / "Required Permissions" page of the app, click on "Windows Azure Active Directory" and then on "Access the directory as the signed in user". Hit "Save" and then then on "Grant permissions" (you might need another admin to do this). +4. On the **"Settings"** / **"Required Permissions"** page of the app, click on **"Windows Azure Active Directory"** and then on **"Access the directory as the signed in user"**. Hit **"Save"** and then then on **"Grant permissions"** (you might need another admin to do this). 5. On the **"Settings"** / **"Reply URLs"** page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click **"Save"**. 6. On the **"Settings"** / **"Keys"** page of the app, add a new key and note down the value after hitting **"Save"**. 7. Configure the proxy with
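Review bot: in PATCH 1/8, step 7 should still document the `--azure-tenant=` option. The removed step 3 was the only place that named it and said the `common` tenant is used by default, and the new text only covers the "Multi-tenanted" switch in the portal. A reader who keeps the app single-tenant gets no hint that a tenant ID can be passed to the proxy. Suggest listing it as an optional flag in the step 7 block with one sentence on when to set it. The removed paragraph about the `openid` default scope and the call to `https://graph.windows.net/me` is also worth keeping if it still applies, since it is presumably what the permission granted in step 4 is used for.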
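Review bot: in PATCH 2/8, the step 7 block no longer reads as a single command once the trailing backslashes are removed, and as shown `--client-id=` and `--client-secret=` still end in a bare `=`. Say in step 7 that these are options added to the proxy's command line, and put explicit placeholders after both flags that point back to the application ID noted in step 3 and the key value noted in step 6.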
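Review bot: PATCH 3/8 bolds the UI labels in step 6 only, so within this commit steps 1 to 5 keep plain quotes and the list is inconsistent until PATCH 8/8. PATCH 3/8 through 8/8 each change one line's quoting under the subject "Update README.md"; fold them into one commit with a subject that says what changed, for example "Bold UI labels in Azure provider steps".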
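Review bot: in PATCH 6/8, the rewritten step 5 still has `https://internal.yourcompanycom/oauth2/callback`, which is missing the dot before `com`; step 2 uses `https://internal.yourcompany.com`. This is the value readers copy into the Reply URLs list, and the step asks for one entry per protected host, so correct the host while the line is being touched so that the example matches the Sign-on URL.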
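Review bot: in PATCH 8/8, the rewritten step 4 keeps the doubled word in `Hit **"Save"** and then then on **"Grant permissions"**` and has no verb for the second action. Suggest `Hit **"Save"** and then click on **"Grant permissions"**`, since the line is already being rewritten here.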