
MULTI AZURE AD INTEGRATION

What needs to be done for basic Azure AD integration:

First, on the database side, edit the VALUE column of the row in the CONFIGURATIONS table whose KEYNAME is 'Security.Section-sys.AdditionalLoginMethods':

```json
[
  {
    "name": "Azure AD",
    "url": "https://<HOSTNAME>/oauth/azuread",
    "icon": "",
    "enabled": true,
    "providerKeys": {
      "TokenIssuer": "https://login.microsoftonline.com/<TENANTID>/v2.0",
      "TokenAudience": "<CLIENTID>",
      "OpenIdConfigurationEndPoint": "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
    }
  }
]
```

HOSTNAME -> DNS address of the environment

TENANTID -> The tenant ID of the customer's Azure account. It must be requested from the customer.

CLIENTID -> The client ID of the app registration used for the Azure AD integration. Existing customers have already provided this value to us, and it is used to configure the oauth service.

For multi Azure AD integration, the same VALUE column of the 'Security.Section-sys.AdditionalLoginMethods' row in the CONFIGURATIONS table on the database side must be edited, this time with one entry per domain.

Example:

```json
[
  {
    "name": "Azure AD1",
    "url": "https://<HOSTNAME>/oauth/azuread1",
    "icon": "https://synergy.net/logo1/logo1.svg",
    "enabled": true,
    "providerKeys": {
      "TokenIssuer": "https://login.microsoftonline.com/<TENANTID>/v2.0",
      "TokenAudience": "<CLIENTID>",
      "OpenIdConfigurationEndPoint": "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
    }
  },
  {
    "name": "Azure AD2",
    "url": "https://<HOSTNAME>/oauth/azuread2",
    "icon": "https://synergy.net/logo2/logo2.svg",
    "enabled": true,
    "providerKeys": {
      "TokenIssuer": "https://login.microsoftonline.com/<TENANTID>/v2.0",
      "TokenAudience": "<CLIENTID>",
      "OpenIdConfigurationEndPoint": "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
    }
  },
  {
    "name": "Azure AD3",
    "url": "https://<HOSTNAME>/oauth/azuread3",
    "icon": "https://synergy.net/logo3/logo3.svg",
    "enabled": true,
    "providerKeys": {
      "TokenIssuer": "https://login.microsoftonline.com/<TENANTID>/v2.0",
      "TokenAudience": "<CLIENTID>",
      "OpenIdConfigurationEndPoint": "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
    }
  }
]
```

The "name" parameter indicates which domain the entry corresponds to.

The "url" parameter is the value of the AZURE_URL parameter set in the configmap of the oauth services created on the server side. As the example above shows, a separate route (azuread1, azuread2, azuread3) is named for each domain.

The "icon" parameter is the logo shown on the login page for each domain.

The "TokenIssuer" and "TokenAudience" parameters carry the TENANT_ID and CLIENT_ID values of each domain, respectively.
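Before the edited VALUE is written back, the JSON can be linted for the mistakes this layout invites: placeholders such as <HOSTNAME> left unreplaced, a url with the host pasted in front of the scheme, two domains sharing a route, or a TokenIssuer that is not tenant-specific. This is an added example in Python, not part of the product or of this page; the `lint_login_methods` name, the host and the GUIDs in the sample are constructed.

```python
import json
import re
from urllib.parse import urlparse

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
KEY_CHECKS = {  # providerKeys field -> (pattern its value must match, what a correct value is)
    "TokenIssuer": (re.compile(rf"^https://login\.microsoftonline\.com/{GUID}/v2\.0$"), "tenant-specific v2.0 issuer URL"),
    "TokenAudience": (re.compile(rf"^{GUID}$"), "application (client) ID GUID"),
    "OpenIdConfigurationEndPoint": (re.compile(r"^https://login\.microsoftonline\.com/.*openid-configuration$"), "Microsoft discovery URL"),
}

def lint_login_methods(value):
    """Return the problems found in the JSON kept in CONFIGURATIONS.VALUE (an empty list means it is safe to save)."""
    try:
        methods = json.loads(value)
    except json.JSONDecodeError as exc:
        return [f"VALUE is not valid JSON: {exc}"]
    if not isinstance(methods, list):
        return ["VALUE must be a JSON array of login methods"]
    problems, seen_names, seen_paths = [], set(), set()
    for i, m in enumerate(methods):
        tag = f"entry {i} ({m.get('name', '?')})"
        if "<" in json.dumps(m):  # <HOSTNAME>, <TENANTID> or <CLIENTID> was never substituted
            problems.append(f"{tag}: unresolved placeholder left in config")
        if m.get("name") in seen_names:  # every domain needs its own button on the login page
            problems.append(f"{tag}: duplicate name")
        seen_names.add(m.get("name"))
        url = urlparse(m.get("url", ""))
        if url.scheme != "https" or not url.netloc:  # rejects e.g. '<HOSTNAME>https:///oauth/azuread2'
            problems.append(f"{tag}: url must be https://<host>/oauth/<route>, got {m.get('url')!r}")
        if url.path in seen_paths:  # each domain is served by its own oauth service route
            problems.append(f"{tag}: url path {url.path!r} already used by another domain")
        seen_paths.add(url.path)
        keys = m.get("providerKeys", {})
        for key, (pattern, expected) in KEY_CHECKS.items():  # a missing key fails too (empty string never matches)
            if not pattern.match(keys.get(key, "")):
                problems.append(f"{tag}: providerKeys.{key} must be a {expected}")
    return problems

# Constructed sample (not from the page): entry 0 is a complete, valid domain; entry 1 repeats the mistakes seen in the page's listing.
OIDC = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
SAMPLE_VALUE = json.dumps([
    {"name": "Azure AD1", "url": "https://portal.example.com/oauth/azuread1", "icon": "", "enabled": True,
     "providerKeys": {"TokenIssuer": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
                      "TokenAudience": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "OpenIdConfigurationEndPoint": OIDC}},
    {"name": "Azure AD2", "url": "<HOSTNAME>https:///oauth/azuread2", "icon": "", "enabled": True,
     "providerKeys": {"TokenIssuer": "https://login.microsoftonline.com/<TENANTID>/v2.0",
                      "TokenAudience": "<CLIENTID>", "OpenIdConfigurationEndPoint": OIDC}},
])
```

Running `lint_login_methods(SAMPLE_VALUE)` reports four problems, all against the second entry, and nothing against the first.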

After the change on the database side, the core service must be restarted.

On the server side:

First, one oauth service must be created per domain (as many services as there are domains).

Fill in the relevant fields of the script below and run it to create a service on the server side with helm:

```shell
helm upgrade --install oauthservice-0 --atomic --namespace=synergy \
  --set deploymentName=oauthservice-0 \
  --set environments.azureEnabled=false \
  --set environments.googleEnabled=false \
  --set environments.linkedInEnabled=false \
  --set environments.ldapEnabled=true \
  --set environments.oauth20Enabled=false \
  --set environments.ldapUrl="" \
  --set environments.ldapPort=3003 \
  --set environments.azurePort=3000 \
  --set environments.googlePort=3001 \
  --set environments.linkedInPort=3002 \
  --set environments.oauth20Port=3004 \
  --set environments.ldapBindDN=" " \
  --set environments.ldapBindCredentials="" \
  --set environments.ldapSearchBase="" \
  --set environments.ldapSearchFilter=\(sAMAccountName\=\{\{username\}\}\) \
  --set global.image.repository=synergystable.azurecr.io \
  synergystable.azurecr.io/oauthservice
```

The configmap of each service is then edited with the following command:

```shell
kubectl edit cm -n synergy oauthservice-0-cm
```

On the service side, enter the values of the AZURE_CLIENTID, AZURE_CLIENTSECRET and AZURE_URL parameters in that configmap.

Finally, restart the created oauth services to complete the integration.