This page provides instructions on how to configure the Office365 authenticator and Identity Server using a sample app. You can find more information in the following sections.
This is tested for the Office365 API version 2.0. Office365 Authenticators are supported by WSO2 Identity Server versions 5.1.0, 5.2.0 and 5.3.0.
Deploying Office365 artifacts
Place the
org.wso2.carbon.extension.identity.authenticator.office365.connector-x.x.x.
jar
file into the<IS_HOME>/repository/components/dropins
directory. You can obtain this from the WSO2 store.If you want to upgrade the Office365 Authenticator (.jar) in your existing IS pack, please refer upgrade instructions.
Configuring the Office365 App
Navigate to https://products.office.com/en-us/business/compare-office-365-for-business-plans to create an account for Office365.
Associate an Azure subscription with Office 365 account (Azure AD).
- If you have an existing Microsoft Azure subscription:
- Log on to the Microsoft Azure Management portal with your existing Azure credentials.
- Select the Active Directory node, then select the Directory tab and, at the bottom of the screen, select New .
- On the New menu, select Active Directory > Directory > Custom Create .
- In Add directory , in the Directory drop-down box, select Use existing directory . Select I am ready to be signed out , and then select the check mark in the lower-right corner.
This takes you back to the Azure Management Portal. Log in with your Office 365 account information. You will be prompted whether to use your directory with Azure.
Important: To associate your Office 365 account with Azure AD, you will need an Office 365 business account with global administrator privileges.
- Select Continue , and then Sign out now .
- Close the browser and reopen the portal . Otherwise, you will get an access denied error.
- Log in again with your existing Azure credentials.
- Navigate to the Active Directory node and, under Directory , you should now see your Office 365 account listed.
- Log on to the Microsoft Azure Management portal with your existing Azure credentials.
- Alternatively , you will need to create a new Azure subscription and associate it with your Office 365 account in order to register and manage apps.
- Log on to Office 365. From the Home page, select the Admin icon to open the Office 365 admin center.
In the menu page on the left side of the page, scroll down to Admin and select Azure AD .
Important: To open the Office 365 admin center and access Azure AD, you will need an Office 365 business account with global administrator privileges.
- Create a new subscription. If you are using a trial version of Office 365, you will see a message informing you that Azure AD is limited to customers with paid services. You can still create a free trial 30-day Azure subscription, but you will need to perform a few extra steps:
- Select your country or region, and then choose Azure subscription.
- Enter your personal information. For verification purposes, enter a telephone number at which you can be reached, and specify whether you want to be sent a text message or called.
- Once you have received your verification code, enter it and choose Verify code.
- Enter the payment information, check the agreement, and select Sign up . Your credit card will not be charged.
- Once your Azure subscription is created, choose Portal .
- The Azure Tour appears. You can view it, or click X to close it.
- Log on to Office 365. From the Home page, select the Admin icon to open the Office 365 admin center.
- If you have an existing Microsoft Azure subscription:
Register a new application in the Azure classic portal.
- Sign into the Azure Management Portal using your Azure credentials.
- Click Active Directory on the left menu, then click on the Directory for your Office 365 developer site.
- On the top menu, click Applications .
- Click Add from the bottom menu.
- Click Add an application my organization is developing .
- Specify the application name and select WEB APPLICATION AND/OR WEB API for Type .
- Click the arrow icon on the bottom-right corner of the page.
- Specify a sign-on URL. You can specify
https://localhost:9443/commonauth
.
- Click the checkbox in the bottom right corner of the page.
Once the application has been successfully added, you will be taken to the Quick Start page for the application. From here, click Configure in the top menu.
On this page, note the client ID and client secret (key) as you will need it later when configuring Office365 as a federated authenticator.
- In permissions to other applications , click Add application .
- Click Office 365 Exchange Online , and then click the check mark icon.
- Under permissions to other applications , click the Delegated Permissions column for Office 365 Exchange Online .
- Click Save in the bottom menu.
Deploying travelocity.com sample app
The next step is to deploy the sample app in order to use it in this scenario.
Once this is done, the next step is to configure the WSO2 Identity Server by adding a service provider and an identity provider.
Configuring the identity provider
Now you have to configure WSO2 Identity Server by adding a new identity provider.
- Download the WSO2 Identity Server from here.
- Run the WSO2 Identity Server.
- Log in to the management console as an administrator.
- In the Identity Providers section under the Main tab of the management console, click Add.
- Give a suitable name for Identity Provider Name. Refer this document for more information regarding the identity provider configurations.
- Navigate to Office365 Configuration under Federated Authenticators.
- Enter the values as given in the above figure.
- Client Id: Client Id for your app.
- Client Secret: Client Secret for your app.
- Callback Url: Service Provider's URL where code needs to be sent (
https://localhost:9443/commonauth
) .
- Select both checkboxes to Enable the Office365 authenticator and make it the Default.
- Click Register.
You have now added the identity provider.
Configuring the service provider
- Return to the management console.
- In the Service Providers section, click Add under the Main tab.
- Since you are using travelocity as the sample, enter travelocity.com in the Service Provider Name text box and click Register .
- In the Inbound Authentication Configuration section, click Configure under the SAML2 Web SSO Configuration section.
- Now set the configuration as follows:
Issuer: travelocity.com
Assertion Consumer URL: http://localhost:8080/travelocity.com/home.jsp
- Select the following check-boxes:
Enable Response Signing.
Enable Single Logout.
Enable Attribute Profile.
- Include Attributes in the Response Always.
- Click Update to save the changes. Now you will be sent back to the Service Providers page.
- Navigate to the Local and Outbound Authentication Configuration section.
- Select the identity provider you created from the dropdown list under Federated Authentication.
Ensure that the Federated Authentication radio button is selected and click Update to save the changes.
You have now added and configured the service provider.
Testing the sample
- To test the sample, go to the following URL:
http://<TOMCAT_HOST>:<TOMCAT_PORT>/travelocity.com/index.jsp
. E.g., http://localhost:8080/travelocity.com - Login with SAML from the WSO2 Identity Server.
- Enter your Office365 credentials in the prompted login page of Microsoft.
- Once you login successfully you will be taken to the home page of the travelocity.com app.