Azure SSO for uPortal
Initially this project will not be provided as a dependency. Rather, this code should be directly added to uPortal-start. Our usual recommendation is to create a custom/ folder in uPortal-start for custom code.
There are four steps to add this to your portal.
- Copy src/ and build.gradle into uPortal-start/custom/azure-sso/ or similar location
- Copy the Custom:AzureSSO section of gradle.properties into uPortal-start/gradle.properties
- Add
include 'custom:azure-sso'
to settings.gradle - Add
compile project(':custom:azure-sso')
to uPortal-start/overlays/uPortal/build.gradle in the first dependencies section
The following configuration should be added to etc/portal/uPortal.properties
in the Authentication section of that file:
##
## Azure SSO Configuration
##
org.apereo.portal.security.provider.azure.AzureSSOSecurityContextFactory.enabled=true
org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.clientID=
org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.tenantID=
org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.secret=
org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.homePage=${portal.protocol}://${portal.server}${portal.context}
org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.redirectEndpoint=/auth/redirect
#org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.scopes=openid profile offline_access
#org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.azureLogin=https://login.microsoftonline.com/
#org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.signOutEndpoint=/oauth2/v2.0/logout/
#org.apereo.portal.security.provider.azure.AzureSSOSecurityContext.postSignOutFragment=?post_logout_redirect_uri=
Spring Beans Needed In overridesContext.xml
<!-- replace url encoder / login URL generator with ours -->
<bean name="casRefUrlEncoder" class="org.apereo.portal.security.provider.azure.web.AzureSSORefUrlEncoder" />
<!-- filters to manage Azure SSO -->
<bean name="azureSSOAuthenticationFilter" class="org.apereo.portal.security.provider.azure.web.AzureSSOAuthenticationFilter" />
<bean name="azureSSORedirectFilter" class="org.apereo.portal.security.provider.azure.web.AzureSSORedirectFilter" />
<!--
<bean name="azureSSOSignInFilter" class="org.apereo.portal.security.provider.azure.web.AzureSSOSignInFilter" />
-->
<bean name="azureSSOSignOutFilter" class="org.apereo.portal.security.provider.azure.web.AzureSSOSignOutFilter" />
Filters Needed In web.xml
Recommend adding these after the corsFilter
filter for consistency, but order is not important:
<filter>
<filter-name>azureSSOAuthenticationFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>azureSSORedirectFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>azureSSOSignOutFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
Recommend adding filter mappings after courseFilter
filter-mapping -- order is important here:
<filter-mapping>
<filter-name>azureSSOAuthenticationFilter</filter-name>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>*.uP</url-pattern>
<url-pattern>/f/*</url-pattern>
<url-pattern>/p/*</url-pattern>
<url-pattern>/Login</url-pattern>
<url-pattern>/auth/redirect</url-pattern>
<url-pattern>/Logout</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>azureSSORedirectFilter</filter-name>
<url-pattern>/auth/redirect</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>azureSSOSignOutFilter</filter-name>
<url-pattern>/Logout</url-pattern>
</filter-mapping>
The Web Redirect URI is the service URL plus /uPortal/auth/redirect
.
The Front-channel logout URL is the service URL plus /uPortal/Logout
.