eBA Login with Azure AD
What to Install:
- Node.js
- https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=5.0.17&arch=x64&rid=win10-x
- https://aka.ms/dotnet-core-applaunch?framework=Microsoft.AspNetCore.App&framework_version=5.0.0&arch=x64&rid=win10-x
What to Adjust:
eBAConfiguration
- Security > OAuth20 : This section should be added.
- BaseUrl : The default eBA address must be defined.
- Enabled : The parameter that activates the AzureAD log.
- Port : The port that the Node.js side will run on.
After the definitions are made on the eBAConfiguration side, the content of the eBAServer.exe.config file should be edited.
eBAServer.exe.config
- eBAGRPServiceEnabled : Parameter that activates the service to run in the background.
- eBAWebAddress : URL information in the eBAConfiguration Web site.
- ValidaterPayload : The value here is fixed as email. The ExternalUsername information is taken from this value.
- ValidaterValidAudiences : ClientID information.
- eBAGrpcServicePort : The port on which the gRPC service will run. An unused system port can be defined.
- eBAOAUTH20PORT : Port defined on the Azure side.
- AuthJSPath : The path to app.js in the authentication-oath\synergy-auth folder in the eBA directory should be given. (C:\BimserSolution\authentication-oath\synergy-auth\app.js)
AuthVariables :
INTERNALAPISERVICEADDRESS=localhost:50052|OAUTH20_PORT=4006|OAUTH20_URL=http://localhost:4006|OAUTH20_AUTHORIZEURL=https://login.microsoftonline.com/3462e409-AC7A-457A-8bd0**/oauth2/v2.0/authorize|OAUTH20_TOKENURL=https://login.microsoftonline.com/3462e409-*/oauth2/v2.0/token|OAUTH20_CLIENTID=168d55bf-83c6-|OAUTH20_CLIENTSECRET=XKc8Q~u2urzy78LPO67JV~**|OAUTH_SCOPE=openid profile email user.read|OAUTH20_SCOPESEPARATOR= |OAUTH20_USERPROFILEURL=https://graph.microsoft.com/v1.0/me|OAUTH20_ENABLED=true"/>
- The AuthVariables section is included as a whole. I colored the places where changes need to be made.
- Apart from ClientID and ClientSecret, the part I colored GREEN is the TenantID value. The TenantID defined in the customer's Azure environment needs to be entered in these sections.
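A consistency check for the AuthVariables value described above, as an added example (not code from eBA or Bimser). It assumes the `KEY=value|KEY=value` layout shown on the page and a tenant given as a full GUID; the function names and all sample values are constructed placeholders.

```javascript
// Constructed sample with placeholder IDs; only the keys checked below are included.
const T = "00000000-0000-0000-0000-000000000000"; // placeholder tenant ID
const SAMPLE = [
  "OAUTH20_PORT=4006",
  "OAUTH20_URL=http://localhost:4006",
  `OAUTH20_AUTHORIZEURL=https://login.microsoftonline.com/${T}/oauth2/v2.0/authorize`,
  `OAUTH20_TOKENURL=https://login.microsoftonline.com/${T}/oauth2/v2.0/token`,
  "OAUTH20_CLIENTID=11111111-1111-1111-1111-111111111111",
  "OAUTH20_CLIENTSECRET=placeholder-secret",
].join("|");

// Split "KEY=value|KEY=value" into an object (values may themselves contain "=").
function parseAuthVariables(raw) {
  const vars = {};
  for (const pair of raw.split("|")) {
    const i = pair.indexOf("=");
    if (i > 0) vars[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return vars;
}

// Parse a URL without throwing; returns null for missing or malformed values.
function safeUrl(value) {
  try { return new URL(value); } catch { return null; }
}

// The tenant is the first path segment of a login.microsoftonline.com endpoint.
function tenantOf(value) {
  const u = safeUrl(value);
  if (!u || u.protocol !== "https:" || u.hostname !== "login.microsoftonline.com") return null;
  return u.pathname.split("/")[1] || null;
}

// Returns a list of problems; an empty list means the value is consistent.
function checkAuthVariables(raw) {
  const v = parseAuthVariables(raw);
  const guid = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;
  const problems = [];
  const authT = tenantOf(v.OAUTH20_AUTHORIZEURL);
  const tokenT = tenantOf(v.OAUTH20_TOKENURL);
  if (!guid.test(authT || "")) problems.push("authorize URL has no full tenant GUID");
  if (!guid.test(tokenT || "")) problems.push("token URL has no full tenant GUID");
  if ((authT || "").toLowerCase() !== (tokenT || "").toLowerCase()) problems.push("tenant differs between authorize and token URLs");
  if (!guid.test(v.OAUTH20_CLIENTID || "")) problems.push("client ID is not a full GUID");
  if (!v.OAUTH20_CLIENTSECRET) problems.push("client secret is empty");
  const local = safeUrl(v.OAUTH20_URL);
  if (!local || local.port !== v.OAUTH20_PORT) problems.push("OAUTH20_PORT does not match OAUTH20_URL");
  return problems;
}

console.log(checkAuthVariables(SAMPLE));
```

Running it against the value copied from eBAServer.exe.config before restarting the services catches a tenant ID pasted into only one of the two URLs or a truncated GUID.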
SystemManager:
- For example, for a user with the account adogru@bimser.com, the value ADOGRU must be entered in that user's externalUsername information.
Usage:
After the settings are made, the Azure AD login button becomes visible on the eBA login screen.
When it is clicked, the user is redirected to the Microsoft login screen, and after logging in there, the relevant user is automatically logged in.
Considerations:
- To check that eBAGRPService is running, see Task Manager > Details. This service starts together with the eBA services.
- If, after logging in with Azure, the user is redirected to the login screen instead of being logged in, the following setting should be made: in eba.net > Web.config, in the SessionState section, tests can be performed by changing the value of the form cookieSameSite="Strict" to Lax. With Strict, the browser does not send the session cookie on the navigation that returns from the Microsoft login page, because that navigation starts on another site; Lax sends it on top-level GET navigations.
- Apart from this, when an error whose cause cannot be determined is encountered, Windows > Event Viewer can be examined.