This page provides instructions on how to configure the Office365 Microsoft Azure AD authenticator and Identity Server using a sample app. You can find more information in the following sections.

Info

This is tested for the Office365 API version 2.0. The Microsoft Azure AD Authenticator is supported by WSO2 Identity Server versions 5.1.0, 5.2.0 and 5.3.0.


Deploying Office365 artifacts

  1. Place the org.wso2.carbon.extension.identity.authenticator.office365.connector-x.x.x.jar file into the <IS_HOME>/repository/components/dropins directory. You can obtain this from the WSO2 store.

    Note

    If you want to upgrade the Microsoft Azure AD Authenticator (.jar) in your existing IS pack, refer to the upgrade instructions.

Configuring the Office365 App

  1. Navigate to https://products.office.com/en-us/business/compare-office-365-for-business-plans to create an account for Office365.

  2. Associate an Azure subscription with your Office 365 account (Azure AD).

    1. If you have an existing Microsoft Azure subscription:
      1. Log on to the Microsoft Azure Management portal with your existing Azure credentials.
      2. Select the Active Directory node, then select the Directory tab and, at the bottom of the screen, select New.
      3. On the New menu, select Active Directory > Directory > Custom Create.
      4. In Add directory, in the Directory drop-down box, select Use existing directory. Select I am ready to be signed out, and then select the check mark in the lower-right corner.

        This takes you back to the Azure Management Portal.
      5. Log in with your Office 365 account information. You will be prompted whether to use your directory with Azure.

        Warning

        Important: To associate your Office 365 account with Azure AD, you will need an Office 365 business account with global administrator privileges.

      6. Select Continue, and then Sign out now.
      7. Close the browser and reopen the portal. Otherwise, you will get an access denied error.
      8. Log in again with your existing Azure credentials.
      9. Navigate to the Active Directory node and, under Directory, you should now see your Office 365 account listed.
    2. Alternatively, you will need to create a new Azure subscription and associate it with your Office 365 account in order to register and manage apps.
      1. Log on to Office 365. From the Home page, select the Admin icon to open the Office 365 admin center.
      2. In the menu on the left side of the page, scroll down to Admin and select Azure AD.

        Warning

        Important: To open the Office 365 admin center and access Azure AD, you will need an Office 365 business account with global administrator privileges.

      3. Create a new subscription. If you are using a trial version of Office 365, you will see a message informing you that Azure AD is limited to customers with paid services. You can still create a free 30-day trial Azure subscription, but you will need to perform a few extra steps:
        1. Select your country or region, and then choose Azure subscription.
        2. Enter your personal information. For verification purposes, enter a telephone number at which you can be reached, and specify whether you want to be sent a text message or called.
        3. Once you have received your verification code, enter it and choose Verify code.
        4. Enter the payment information, check the agreement, and select Sign up. Your credit card will not be charged.
        5. Once your Azure subscription is created, choose Portal.
        6. The Azure Tour appears. You can view it, or click X to close it.
  3. Register a new application in the Azure classic portal.

    1. Sign into the Azure Management Portal using your Azure credentials.
    2. Click Active Directory on the left menu, then click on the Directory for your Office 365 developer site.
    3. On the top menu, click Applications.
    4. Click Add from the bottom menu.
    5. Click Add an application my organization is developing.
    6. Specify the application name and select WEB APPLICATION AND/OR WEB API for Type.
    7. Click the arrow icon on the bottom-right corner of the page.
    8. Specify a sign-on URL. You can specify https://localhost:9443/commonauth.
    9. Click the checkbox in the bottom right corner of the page.
    10. Once the application has been successfully added, you will be taken to the Quick Start page for the application. From here, click Configure in the top menu.

      Note

      On this page, note the client ID and client secret (key), as you will need them later when configuring Office365 as a federated authenticator.

    11. In permissions to other applications, click Add application.
    12. Click Office 365 Exchange Online, and then click the check mark icon.
    13. Under permissions to other applications, click the Delegated Permissions column for Office 365 Exchange Online.
    14. Click Save in the bottom menu.

Deploying travelocity.com sample app

The next step is to deploy the sample app in order to use it in this scenario.

Once this is done, the next step is to configure the WSO2 Identity Server by adding a service provider and an identity provider.

Configuring the identity provider

Now you have to configure WSO2 Identity Server by adding a new identity provider.

  1. Download the WSO2 Identity Server from here.
  2. Run the WSO2 Identity Server.
  3. Log in to the management console as an administrator.
  4. In the Identity Providers section under the Main tab of the management console, click Add.
  5. Give a suitable name for Identity Provider Name. Refer to this document for more information regarding the identity provider configurations.
  6. Navigate to Office365 Configuration under Federated Authenticators.
  7. Enter the values as given in the above figure.
    • Client Id: Client Id for your app.
    • Client Secret: Client Secret for your app.
    • Callback Url: Service Provider's URL where the code needs to be sent (https://localhost:9443/commonauth).
  8. Select both checkboxes to Enable the Microsoft Azure AD authenticator and make it the Default.
  9. Click Register.

You have now added the identity provider.
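As an added example (not part of the original page or of the WSO2 connector), the authorization-code redirect that the identity provider configuration above drives, in Python, together with the checks a relying party applies to the callback. The Azure AD v2.0 authorization endpoint, the placeholder client id and the scope list are assumptions; the callback URL is the one configured above and must match the sign-on URL registered in Azure exactly.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Azure AD v2.0 authorization endpoint for the "common" tenant (assumed by this
# example; the page does not name the endpoint it uses).
AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"

# Values from the identity provider configuration; the client id is a constructed placeholder.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CALLBACK_URL = "https://localhost:9443/commonauth"


def build_authorize_url(client_id, callback_url, state, scope="openid email profile"):
    """Authorization-code request the identity server sends the browser to.
    `state` ties the browser session to the callback that comes back later."""
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": callback_url, "scope": scope, "state": state}
    return f"{AUTHORIZE_ENDPOINT}?{urlencode(params)}"


def redirect_uri_matches(registered, received):
    """Exact match on scheme, host, port and path; no prefix or wildcard matching,
    so http://..., a different port, or an extra path segment all fail."""
    a, b = urlsplit(registered), urlsplit(received)
    return (a.scheme, a.hostname, a.port, a.path) == (b.scheme, b.hostname, b.port, b.path)


def validate_callback(callback_url, expected_state, registered_callback=CALLBACK_URL):
    """Checks on the callback the browser returns to the identity server: it must
    land on the registered callback URL, echo the issued state and carry a code.
    Returns the authorization code or raises ValueError."""
    if not redirect_uri_matches(registered_callback, callback_url):
        raise ValueError("callback did not arrive on the registered callback URL")
    query = parse_qs(urlsplit(callback_url).query)
    if "error" in query:
        raise ValueError(f"authorization server returned error: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: response does not belong to this session")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)
    print(build_authorize_url(CLIENT_ID, CALLBACK_URL, state))
    # Constructed callback of the kind Azure AD would redirect to after login.
    print("code:", validate_callback(f"{CALLBACK_URL}?code=CODE_PLACEHOLDER&state={state}", state))
```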

Configuring the service provider

  1. Return to the management console.
  2. In the Service Providers section, click Add under the Main tab.
  3. Since you are using travelocity as the sample, enter travelocity.com in the Service Provider Name text box and click Register.
  4. In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.
  5. Now set the configuration as follows:
    1. Issuer: travelocity.com
    2. Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp
  6. Select the following check-boxes:
    1. Enable Response Signing.
    2. Enable Single Logout.
    3. Enable Attribute Profile.
    4. Include Attributes in the Response Always.
  7. Click Update to save the changes. Now you will be sent back to the Service Providers page.
  8. Navigate to the Local and Outbound Authentication Configuration section.
  9. Select the identity provider you created from the dropdown list under Federated Authentication.
  10. Ensure that the Federated Authentication radio button is selected and click Update to save the changes. 

You have now added and configured the service provider.

Testing the sample

  1. To test the sample, go to the following URL: http://<TOMCAT_HOST>:<TOMCAT_PORT>/travelocity.com/index.jsp. E.g., http://localhost:8080/travelocity.com
  2. Log in with SAML from the WSO2 Identity Server.
  3. Enter your Office365 credentials in the Microsoft login page you are prompted with.
  4. Once you log in successfully, you will be taken to the home page of the travelocity.com app.