I have a Java application that needs to update some fields of the manifest.json of an app registration in Azure.
I have already done this from the Linux terminal with the azure-cli tool. I then tried to google for a similar Java SDK to do this but only came up with SDKs that let you authenticate against Azure.
Is there another SDK for my use case or do I have to use some API directly via HTTP?
You can use Management SDK.
Sample code:
// skip this if you know the object id
ActiveDirectoryApplication app = azure.accessManagement().activeDirectoryApplications()
.getByName("<app_name>");
GraphRbacManagementClient client = azure.accessManagement().activeDirectoryApplications().manager().serviceClient();
client.getApplications().patch(
app.id(),
(ApplicationUpdateParameters) new ApplicationUpdateParameters()
.withGroupMembershipClaims(GroupMembershipClaimTypes.ALL));
It is a bit convoluted, because technically speaking AAD does not belong to Management. AAD is included in the SDK mainly for RBAC (role-based-access-control) for other resources.
Related
I am using Google Cloud Translate v3 API Java Client. The Java Client code samples work great. The authentication of the code samples is done using the GOOGLE_APPLICATION_CREDENTIALS environment variable.
I need to develop code that will run in an application server that I have no control over the environment variables. So I need to use another way to get the call authenticated.
Setting Up Authentication for Server to Server Production Applications, under "Passing the path to the service account key in code" has a code sample (choose the JAVA tab) that works for the Storage service, but I can't find a similar way to pass the GoogleCredentials to Translation v3 API Java Client. Does anyone know?
Also, I can't find the Java doc for v3 API. https://googleapis.dev/java/google-cloud-clients/latest/index.html shows version "0.119.0-alpha" and it does not list the package com.google.cloud.translate.v3. Is there a separate java doc page ?
I think I found a solution.
The client API javadoc doesn't list com.google.cloud.translate.v3 but it does list com.google.cloud.translate.v3beta1. In the javadoc for TranslationServiceClient, i.e. https://googleapis.dev/java/google-cloud-clients/latest/com/google/cloud/translate/v3beta1/TranslationServiceClient.html
there's a mention of setting credential, and this method worked!
TranslationServiceSettings translationServiceSettings =
TranslationServiceSettings.newBuilder()
.setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
.build();
TranslationServiceClient translationServiceClient =
TranslationServiceClient.create(translationServiceSettings);
I am working on a small project to list all the VirtualNetworks details under a subscription. In our subscription we have both classic and ARM Virtual networks. I am using Azure latest Java SDK(1.1.2) to pull the info. I am using the below API call and it is returning only the VNets from ARM, not from classic. Please see the code snippet.
ApplicationTokenCredentials credentials = new ApplicationTokenCredentials(
clientId, tenantId, clientKey, AzureEnvironment.AZURE);
Azure azure = Azure.authenticate(credentials).withSubscription(subscriptionId);
for (Network virtualNetwork : azure.networks().list()){
Utils.print(virtualNetwork);
}
How can I get both ARM and classic VNets?
The APIs of ASM (Azure Service Management) support the feature for listing the classic Virtual Networks.
There are two ways as below.
Using Azure Java SDK for ASM, you can install it via maven repositories azure-svc-mgmt & azure-svc-mgmt-network, and follow the blog to authenticate for NetworkManagementService to create an instance of NetworkManagementClient to getNetworksOperations() to list() the NetworkListResponse.
Via the ASM REST API List Virtual Network Sites to get the XML response, and refer to the reference Authenticating Service Management Requests, Service to service calls using client credentials (shared secret or certificate) & Create the request to create an authenticated request to call the REST API.
Meanwhile, you also can refer to these similar SO thread for ASM as below.
Azure retrieving the PublicIPAddress of VirtualMachines from Azure Java SDK
MS Azure java client code throws the error
Hope it helps.
I've a Java program using ADAL4J that works great on a non-mobile device but when deployed to any mobile devices via Oracle MAF (which deploys as Cordova, HTML5, CSS), it fails on the AuthenticationContext method.
The error is:
com.microsoft.aad.adal.AuthenticationException: Prompt is not allowed and failed to get token:
Here is the main code:
service = Executors.newFixedThreadPool(1);
String url = AUTHORIZATION_ENDPOINT + tenantId + "/oauth2/authorize";
//Next line is where it fails
authContext = new AuthenticationContext(url, false, service);
Future<AuthenticationResult> future =
authContext.acquireToken(ARM_ENDPOINT, clientId, username, credential, null);
result = future.get();
System.out.println("Access Token - " + result.getAccessToken());
System.out.println("ID Token - " + result.getIdToken());
Based on the research I've done it appears I may need to use the AcquireTokenSilent method instead, however this method does not exist in the ADAL for Java library (using ADAL4J 1.1.3, most recent as of this post). I did see that there is an ADAL for Cordova library that contains this method that may work. However that uses NodeJS and I'd prefer to stick with a Java solution if possible.
Would appreciate any assistance. Thanks.
EDIT: I think the main issue if that the ADAL4J library does not support the AuthenticationContext.tokenCache property nor does it include support for the PromptBehavior option that is there in the device specific ADAL implementations.
If true, guess I'll either have to try the ADAL for Cordova or each device ADAL SDK.
According to your description, based on my understanding, I think you want to create a mobile application cross platform like iOS/Android/etc using Oracle MAF in Java.
So per my experience, the solution which be suitable for your needs in Java is using OAuth2 REST APIs for authentication via Java HTTP client on Azure AD, please refer to the offical tutorial OAuth 2.0 Authorization Code Flow.
If just for Android, you can directly use ADAL for Android to do that. Otherwise, it seems that there is not any existing library to directly support for authentication within multi-platform in Java. Hope it helps.
We have mobile application backend running in AWS. Backend build using Java spring front end supported for native iOS, native Android and angular js based website, it has own authentication using email id and password. Now we are planning to integrate our app authentication with our organisation Active directory which available in Azure AD.
We have outline idea about Azure portal application creation, use ADAL library to get token from azure. But we are not clear about how we can validate token at web service side. Could you please enlighten us about integration process
Unfortunately, Azure AD doesn't have great guidance on securing a web API in Java at this time. However, taking the open-source approach isn't terribly difficult in this case.
Azure AD's access tokens are JWTs, which are essentially just base64 encoded JSON strings with a signature. jwt.io has compiled a nice list of open-source libraries that can be used to validate JWTs (some libraries for generating them too, fyi). The best reference material available at this time is:
The claims listed in this token reference article where necessary (ignore the comment about id_tokens only, that's incorrect).
The OpenID Connect spec also has some good tidbits on how to validate tokens. You should also make sure to validate the scope claim, which won't be mentioned there.
This code sample shows how to take this approach, but it's in .NET. You can follow its patterns for Java.
The hardest part will be robustly fetching, caching, and refreshing the Azure AD public signing keys, making sure your app can handle key rollover. Microsoft's .NET open source library, for instance, refreshes the keys every 24 hours and refreshes them immediately any time signature validation fails. Most JWT libraries won't do that for you. The signing keys are available via Azure AD's OpenID Connect metadata endpoint,
https://login.microsoftonline.com/<tenant-or-common>/.well-known/openid-configuration
The OpenID Connect spec also has information on the format of the data available there.
I have an app that is written in JavaFX that uses the old firebase-jvm library. It uses password authentication and each app is treated as a separate user.
The new library is labelled firebase-server and has NO client authentication APIs, forcing a client based implementation to fallback to a service account.
Anybody having the same issue or have workarounds?
Can the android version be used for JVM? If so, where can I get the direct link?