Set up a new app and client in Azure.
Links:
- https://learn.microsoft.com/en-us/entra/architecture/auth-oauth2
- https://learn.microsoft.com/en-us/entra/identity/saas-apps/openidoauth-tutorial
- Google search for “Configure Microsoft Entra ID for External OAuth”
Find the issuer URI, the client id and the client credentials.
The issuer URI is in the format:
https://login.microsoftonline.com/<Your Azure Entra Id tenant id>/v2.0
NOTE: If the app or client is NOT set up as multitenant, you need to add a jwk-set-uri in the form of:
https://login.microsoftonline.com/<Your Azure Entra Id tenant id>/discovery/keys?appid=<Your Azure enterprise app CLIENT id>
Configure the ROB-EX Scheduler application.yml with the relevant values.
Use the following example as a template:
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://login.microsoftonline.com/<Your Azure Entra Id tenant id>/v2.0
          # SEE https://learn.microsoft.com/en-us/answers/questions/990475/azure-ad-access-token-validation-exception-in-reso
          #jwk-set-uri: https://login.microsoftonline.com/<Your Azure Entra Id tenant id>/discovery/keys?appid=<Your Azure enterprise app CLIENT id>
      client:
        provider:
          azure-ad:
            issuer-uri: https://login.microsoftonline.com/<Your Azure Entra Id tenant id>/v2.0
            #jwk-set-uri: https://login.microsoftonline.com/<Your Azure Entra Id tenant id>/discovery/keys?appid=<Your Azure enterprise app CLIENT id>
            user-name-attribute: email
        registration:
          azure-ad:
            provider: azure-ad
            client-name: Azure AD
            client-id: <Your Azure enterprise app CLIENT id>
            client-secret: <Your Azure enterprise app CLIENT credentials>
            scope:
              - openid
              - profile
              - email
robex:
  auth:
    internal:
      enabled: true
    oauth:
      enabled: true
      groupsClaim: groups
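An added Python example (not part of the ROB-EX documentation) that builds the spring.security.oauth2 subtree above from a tenant id and client id, adding jwk-set-uri only when the app is not multitenant, and inspects a token's iss and aud claims against those values before the resource server ever sees it. The tenant id, client id and sample token are constructed placeholders.

```python
import base64
import json

LOGIN_BASE = "https://login.microsoftonline.com"
# Constructed placeholder ids, not real Entra tenant or enterprise app values.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"

def issuer_uri(tenant_id):
    return f"{LOGIN_BASE}/{tenant_id}/v2.0"

def jwk_set_uri(tenant_id, client_id):
    return f"{LOGIN_BASE}/{tenant_id}/discovery/keys?appid={client_id}"

def build_oauth_config(tenant_id, client_id, client_secret, multitenant):
    """Build the spring.security.oauth2 subtree; jwk-set-uri only when NOT multitenant."""
    jwt = {"issuer-uri": issuer_uri(tenant_id)}
    provider = {"issuer-uri": issuer_uri(tenant_id), "user-name-attribute": "email"}
    if not multitenant:
        jwt["jwk-set-uri"] = jwk_set_uri(tenant_id, client_id)
        provider["jwk-set-uri"] = jwk_set_uri(tenant_id, client_id)
    registration = {"provider": "azure-ad", "client-name": "Azure AD",
                    "client-id": client_id, "client-secret": client_secret,
                    "scope": ["openid", "profile", "email"]}
    return {"resourceserver": {"jwt": jwt},
            "client": {"provider": {"azure-ad": provider},
                       "registration": {"azure-ad": registration}}}

def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def decode_jwt_claims(token):
    """Read the payload only; the signature is NOT checked, so use for diagnosis, never authorization."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_token_against_config(token, tenant_id, client_id, groups_claim="groups"):
    """Compare iss/aud with the configured issuer-uri and client-id, and pull the groups claim."""
    claims = decode_jwt_claims(token)
    return {"issuer_ok": claims.get("iss") == issuer_uri(tenant_id),
            "audience_ok": claims.get("aud") == client_id,
            "groups": claims.get(groups_claim, [])}

# Constructed, unsigned sample token carrying the claims ROB-EX reads (not a captured token).
SAMPLE_TOKEN = ".".join([_b64url({"alg": "none"}),
                         _b64url({"iss": issuer_uri(TENANT_ID), "aud": CLIENT_ID,
                                  "email": "planner@example.com", "groups": ["planners"]}), ""])
```

If issuer_ok is False for a real token, the iss claim does not match the v2.0 issuer-uri, which is the situation the commented-out jwk-set-uri lines in the template are for.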