Azure AD per tenant setup #2468 | Support Center | ABP Commercial

shobhit created 2 years ago

ABP Framework version: v4.2.2
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes /
Exception message and stack trace:NA
Steps to reproduce the issue:"NA

Hi Team, i have done changes in Identity server and Host service to consider Azure AD authorization provider. I need 2 answers:

Now host and every tenant both get "Azure AD" authorization button but we would like to have Azure AD auth button based on host/tenant configuration and consider respective configuration values only.
By default ABP don't provide UI for external provider except google, microsoft and twitter. how i can add UI for these providers i.e. extend the current ui.

18 Answer(s)

shobhit created 2 years ago

Hello team. any update for me. i have tried to look from my side.

    .AddTwitter(TwitterDefaults.AuthenticationScheme, options => options.RetrieveUserDetails = true)
    .WithDynamicOptions<TwitterOptions, TwitterHandler>(
        TwitterDefaults.AuthenticationScheme,
        options =>
        {
            options.WithProperty(x => x.ConsumerKey);
            options.WithProperty(x => x.ConsumerSecret, isSecret: true);
        }
    )
    .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
        options.ClientId = configuration["AzureAd:ClientId"];
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.CallbackPath = configuration["AzureAd:CallbackPath"];
        options.ClientSecret = configuration["AzureAd:ClientSecret"];
        options.RequireHttpsMetadata = false;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("email");
    
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    });

As per my understand ".WithDynamicOptions<TwitterOptions, TwitterHandler>(" do a lot of magic. Now question is like "TwitterOptions, TwitterHandler" what will be option and handler for AzureAd and O365.

0

maliming created 2 years ago
Support Team Fullstack Developer

hi

You can use WithDynamicOptions for AzuerOpenId.

shobhit created 2 years ago

Hello Maliming, I have done following changes:

identitySeverModule --> ConfigureServices() method done follwoing changes:

 .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
                {
                    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
                    options.RequireHttpsMetadata = false;
                    options.SaveTokens = true;
                    options.GetClaimsFromUserInfoEndpoint = true;
                    options.Scope.Add("email");
                    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
                    options.CallbackPath = configuration["AzureAd:CallbackPath"];
                    //options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
                    //options.ClientId = configuration["AzureAd:ClientId"];
                    //options.ClientSecret = configuration["AzureAd:ClientSecret"];
                })
                .WithDynamicOptions<OpenIdConnectOptions, OpenIdConnectHandler>(
                "AzureOpenId",
                options => {
                    options.WithProperty(x => x.Authority);
                    options.WithProperty(x => x.ClientId);
                    options.WithProperty(x => x.ClientSecret, isSecret: true);
                }
                )

Values in ABPsetting looks like

[{"name":"Google","enabled":true,"properties":[{"name":"ClientId","value":"XXXX"}],"secretProperties":[{"name":"ClientSecret","value":"XXXX"}]},{"name":"Microsoft","enabled":true,"properties":[{"name":"ClientId","value":"XXXX"}],"secretProperties":[{"name":"ClientSecret","value":"XXXX"}]},{"name":"Twitter","enabled":false,"properties":[{"name":"ConsumerKey","value":null}],"secretProperties":[{"name":"ConsumerSecret","value":null}]},{"name":"AzureOpenId","enabled":true,"properties":[{"name":"ClientId","value":"YYYY"},{"name":"Authority","value":"YYYY"}],"secretProperties":[{"name":"ClientSecret","value":"YYYY"}]}]

i could see Azure AD button
On button click it is breaking:

0

maliming created 2 years ago
Support Team Fullstack Developer

hi

Is these value right?
0

shobhit created 2 years ago

:). No values are not correct. but in code i have used the right code.
0

maliming created 2 years ago
Support Team Fullstack Developer

hi

Can you share a sample project that includes the AddOpenIdConnect client secret with me?

liming.ma@volosoft.com
0

shobhit created 2 years ago

sure will do. I don't have sample project but will share the actual keys
0

maliming created 2 years ago
Support Team Fullstack Developer

ok, I will check it asap.

maliming created 2 years ago

Support Team Fullstack Developer


.AddOpenIdConnect("AzureOpenId", "Azure AD", options =>
{
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.RequireHttpsMetadata = false;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("email");
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    options.CallbackPath = "/callback";
})

.WithDynamicOptions<OpenIdConnectOptions, OpenIdConnectHandler>(
    "AzureOpenId",
    options =>
    {
        options.WithProperty(x => x.Authority);
        options.WithProperty(x => x.ClientId);
        options.WithProperty(x => x.ClientSecret, isSecret: true);
    }
);

context.Services.Replace(ServiceDescriptor
.Scoped<AccountExternalProviderOptionsManager<OpenIdConnectOptions>,
    OpenIdAccountExternalProviderOptionsManager>());


using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Options;
using Volo.Abp.Account.ExternalProviders;
using Volo.Abp.Account.Public.Web.ExternalProviders;
using Volo.Abp.MultiTenancy;
using Volo.Abp.Security.Encryption;

namespace MyCompanyName.MyProjectName.Web.OpenId;

public class OpenIdAccountExternalProviderOptionsManager : AccountExternalProviderOptionsManager<OpenIdConnectOptions>
{
    private readonly OpenIdConnectPostConfigureOptions _openIdConnectPostConfigureOptions;

    public OpenIdAccountExternalProviderOptionsManager(
        IOptionsFactory<OpenIdConnectOptions> factory,
        IAccountExternalProviderAppService accountExternalProviderAppService,
        IStringEncryptionService stringEncryptionService,
        ITenantConfigurationProvider tenantConfigurationProvider,
        IDataProtectionProvider dataProtection) :
        base(factory, accountExternalProviderAppService, stringEncryptionService, tenantConfigurationProvider)
    {
        _openIdConnectPostConfigureOptions = new OpenIdConnectPostConfigureOptions(dataProtection);
    }

    protected async override Task OverrideOptionsAsync(string name, OpenIdConnectOptions options)
    {
        await base.OverrideOptionsAsync(name, options);
        _openIdConnectPostConfigureOptions.PostConfigure(name, options);
    }
}

0
shobhit created 2 years ago
Thanks Maliming. Appriciate. Working as exptected. will do full testing.

Please help me on below points also:

By default ABP don't provide UI for external provider except google, microsoft and twitter. how i can add UI for these providers i.e. extend the current ui.

How to configure O365 external provider.
0

maliming created 2 years ago
Support Team Fullstack Developer

Use WithDynamicOptions will automatically add UI. Settings => Account => External provider

How to configure O365 external provider.

You can search it in Google. I don't know O365.
0

shobhit created 2 years ago

Thanks. Got it. Appriciate all help
0

maliming created 2 years ago
Support Team Fullstack Developer

: )
0

maliming created 2 years ago
Support Team Fullstack Developer

I will fix this problem in the next version.
0
shobhit created 2 years ago
Thanks Maliming.

Now i am facing another issue:

i have logged in as tenant

i could see all external providers are enabled with default host setting

i uncheck all of them and hit save (without adding any data). Success message displayed and ABPSetting table has new record having following data: [{"name":"AzureOpenId","enabled":true,"properties":[{"name":"Authority","value":null},{"name":"ClientId","value":null}],"secretProperties":[{"name":"ClientSecret","value":null}]},{"name":"Google","enabled":true,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]},{"name":"Microsoft","enabled":true,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]}]

i refresh page and recheck the data. again all external providers are checked

Now i have make changes in ABPSetting value like (manually set "enabled" as false)

[{"name":"AzureOpenId","enabled":false,"properties":[{"name":"Authority","value":null},{"name":"ClientId","value":null}],"secretProperties":[{"name":"ClientSecret","value":null}]},{"name":"Google","enabled":false,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]},{"name":"Microsoft","enabled":false,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]}]

still user can see all provider options
0
shobhit created 2 years ago
2 bugs:

Expernal provider setting update is not working as expected

Expternal provider display is not working as expected
0

maliming created 2 years ago
Support Team Fullstack Developer

hi

I will check this. Thanks
0

maliming created 2 years ago
Support Team Fullstack Developer

Now i have make changes in ABPSetting value like (manually set "enabled" as false)

The application use cache, You can't change settings manually, Please change it via the app, or clear the cache after changing DB.

Have an answer to this question? Log in and write your answer.