Azure AD configuration
Scholarsphere 4 is an OAuth client for Azure AD; it gets directory information and groups from Azure AD.
Each developer will have an APP_ID and APP_SECRET generated for them. Send a message in #scholarsphere-dev to obtain credentials.
The app registration is valid for the following reply URLs. If your environment is different, please let us know and we'll try to work something out.
https://scholarsphere-4.test/users/auth/azure_oauth/callback
http://localhost:3000/users/auth/azure_oauth/callback
Once the OAuth client application is configured, set the following in your env or application.yml:
OAUTH_APP_SECRET=''
OAUTH_APP_ID=''
OAUTH_APP_URL=
OAUTH_AUTHORIZE_URL=
OAUTH_TOKEN_URL=
If you set the ENV variable AZURE_GRAPH_GROUPS, your group information will come from the Microsoft Graph API; if the ENV variable is absent, your groups will come from the ID token. For a large percentage of users these are one and the same. There is a limit on the number of items that can be in an ID token, so for users with a large number of groups, setting AZURE_GRAPH_GROUPS is preferred.
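The sketch below is an added example, not Scholarsphere's own code: it shows the group-source decision described above and what happens when a user exceeds the ID token limit while AZURE_GRAPH_GROUPS is unset. It assumes Azure AD's overage behaviour of replacing the `groups` claim with a `_claim_names` pointer; the function names and the sample token are hypothetical and constructed for illustration.

```ruby
require 'base64'
require 'json'

# Raised when the ID token cannot carry the user's full group list.
class GroupOverageError < StandardError; end

# Decode the claims of an ID token. Assumption: the OAuth library has already
# verified signature, issuer and audience; this only reads the payload.
def id_token_claims(jwt)
  segments = jwt.to_s.split('.')
  raise ArgumentError, 'expected a three-part JWT' unless segments.length == 3

  JSON.parse(Base64.urlsafe_decode64(segments[1]))
end

# Pick the group source as described above: Graph when AZURE_GRAPH_GROUPS
# is present, otherwise the "groups" claim of the ID token.
def resolve_groups(claims, env: ENV)
  # groups: nil means the caller must fetch memberships from Graph.
  return { source: :graph, groups: nil } if env.key?('AZURE_GRAPH_GROUPS')

  # Over the limit, Azure AD omits "groups" and sets _claim_names.groups.
  # Raise rather than silently treating the user as having no groups.
  if claims.fetch('_claim_names', {}).key?('groups')
    raise GroupOverageError, 'groups overage: set AZURE_GRAPH_GROUPS'
  end

  { source: :id_token, groups: Array(claims['groups']) }
end

# Constructed, unsigned sample token for the demo (hypothetical helper).
def sample_jwt(claims)
  enc = ->(h) { Base64.urlsafe_encode64(JSON.generate(h), padding: false) }
  "#{enc.call({ 'alg' => 'none' })}.#{enc.call(claims)}.sig"
end

if __FILE__ == $PROGRAM_NAME
  small = id_token_claims(sample_jwt({ 'groups' => %w[group-a group-b] }))
  p resolve_groups(small, env: {})
end
```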
Migrating from psu-authproxy
bundle exec rails c
# In the Rails console: switch every existing user to the Azure OAuth provider
user = User.all
user.each do |u|
  u.provider = 'azure_oauth'
  u.save
end
1.) Go to aad.portal.azure.com/
2.) Click on "Azure Active Directory"
3.) Click on "App Registrations"
4.) Click on "Penn State University Libraries"
5.) Click on "Authentication"
6.) Click on "add URI" below the list of URIs. Input the new URI and save.
OR
This link might get you there https://aad.portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/5558bf6e-4332-4c6c-8881-fd43331773d0/isMSAApp/