I need to import user information from Azure AD and allow those users to sign into my application using their Azure AD credentials.
Currently I am using the Azure Graph API. I will be adding an application in the Azure portal manually and getting the clientid, tenantid and secretkey from the Azure portal. In my application I am expecting the user to provide these three fields, and using these I am calling the graph-api to get user details.
My question is: is it the right idea to expect the customer to add the application in their Azure portal manually?
If not, how can I import the data using Java?
According to the Authentication with Azure AD part of the Features section in the link, you need to use the OAuth 2.0 client credentials flow or the authorization code grant flow to acquire a token to call the Graph. Both ways need client_id; please refer to the link.
But you can see the Configuring multi-tenant applications section from the link to know how to let your application cross organizations.
Then use the Azure Graph API in Java to create users for different tenants.
Related
I want to implement single sign-on on my web application using SAML, where Azure AD will be the identity provider. I need to know what entityId and appId are, and how to create metadata.xml.
The details you seek are available on this site: https://learn.microsoft.com/en-us/azure/active-directory/develop/azure-ad-federation-metadata
All the details present in the FederationMetadata.xml file depend on what is configured in Azure AD.
As a Web application developer, you don't need to create this XML file. It should be provided by the person who is managing Azure AD. If you are the person managing Azure AD also, then you can download it from there.
I have used the link below to access all users of Azure AD, but it requires the user to log in at portal.azure.com.
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-devquickstarts-webapp-java
I have also used the link below to authenticate the user, but the token returned by it is not useful for accessing other APIs of Azure AD. The code from the URL above allows access to other Azure APIs but requires a portal.azure.com login.
https://samlman.wordpress.com/2015/06/04/getting-an-azure-access-token-for-a-web-application-entirely-in-code/
I need Java code which doesn't require us to log in at portal.azure.com to access its API.
AFAIK, Azure AD implements four flows in the OAuth 2.0 authorization framework.
And if you don't want to interact with Azure manually when acquiring the access token, you can choose the Resource Owner Password Credentials Grant or Client Credentials Grant flow based on your scenario.
And normally, we need sufficient permission to operate on the corresponding resource. Please share the exact resource/request you were developing and the detailed error message to help troubleshoot this issue if you still have the problem.
And this link is helpful to learn about the authentication scenarios for Azure AD.
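The client credentials grant named in the answers above, as an added example that is not code from any of the posts or from Microsoft: it builds the token request for the Azure AD v1 token endpoint and sends it only when credentials are present. The class name, the `AAD_*` environment variable names and the `contoso.example` placeholder are assumptions, as is the choice of Azure AD Graph (`https://graph.windows.net`) as the target resource.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;

public class ClientCredentialsToken {
    // Encode the fields as application/x-www-form-urlencoded.
    static String form(Map<String, String> fields) {
        return fields.entrySet().stream()
            .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
            .collect(Collectors.joining("&"));
    }

    static HttpRequest tokenRequest(String tenantId, String clientId, String clientSecret) {
        // The tenant value is customer-supplied and ends up in the URL path:
        // accept only GUID or domain-name characters.
        if (!tenantId.matches("[A-Za-z0-9.-]+"))
            throw new IllegalArgumentException("unexpected characters in tenant id");
        Map<String, String> f = new LinkedHashMap<>();
        f.put("grant_type", "client_credentials");
        f.put("client_id", clientId);
        f.put("client_secret", clientSecret);
        f.put("resource", "https://graph.windows.net"); // Azure AD Graph (assumed target)
        return HttpRequest.newBuilder(
                URI.create("https://login.microsoftonline.com/" + tenantId + "/oauth2/token"))
            .header("Content-Type", "application/x-www-form-urlencoded")
            .POST(HttpRequest.BodyPublishers.ofString(form(f)))
            .build();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable names; keep the secret out of source and logs.
        String t = System.getenv("AAD_TENANT_ID"), c = System.getenv("AAD_CLIENT_ID"),
               s = System.getenv("AAD_CLIENT_SECRET");
        if (t == null || c == null || s == null) { // offline: show the endpoint only
            System.out.println(tokenRequest("contoso.example", "constructed-id", "constructed-secret").uri());
            return;
        }
        HttpResponse<String> r = HttpClient.newHttpClient()
            .send(tokenRequest(t, c, s), HttpResponse.BodyHandlers.ofString());
        // The JSON body carries access_token: print the status, never the body.
        System.out.println("HTTP " + r.statusCode());
    }
}
```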
I am looking at the ADAL for Java project.
I understand the auth portion OK.
But I cannot find how to authorize the user against the ROLES in the AD.
What have I missed?
Thanks
-lp
Azure AD doesn't have any good code samples for Java web apps with OpenID Connect at this time. The best you can do is use a Java OpenID Connect library (http://openid.net/developers/libraries/) and modify it to conform to Azure AD's protocol (https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-openid-connect-code/).
The user's roles will show up as claims in the id_token if you configure your app correctly. This sample shows how to do so in .NET: https://azure.microsoft.com/en-us/documentation/samples/active-directory-dotnet-webapp-roleclaims/
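The role check described above, as an added example that is not part of the original answer or of any Microsoft sample: the `roles` claim is read from the id_token only after its RS256 signature verifies. The class name, key pair and token are constructed so the class runs offline; issuer, audience and expiry validation are assumed to be handled by the OpenID Connect library.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import java.util.regex.*;

public class RoleClaimCheck {
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // Returns the roles claim only after the RS256 signature verifies against the given key.
    static Set<String> verifiedRoles(String jwt, PublicKey key) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) throw new SignatureException("not a compact JWS");
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        // Pin the algorithm so the token cannot select "none" or an HMAC.
        if (!header.contains("\"alg\":\"RS256\"")) throw new SignatureException("unexpected alg");
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(DEC.decode(p[2]))) throw new SignatureException("bad signature");
        String payload = new String(DEC.decode(p[1]), StandardCharsets.UTF_8);
        // Minimal extraction for this flat sample; use a JSON parser in real code.
        Set<String> roles = new TreeSet<>();
        Matcher arr = Pattern.compile("\"roles\"\\s*:\\s*\\[([^\\]]*)\\]").matcher(payload);
        if (arr.find()) {
            Matcher item = Pattern.compile("\"([^\"]*)\"").matcher(arr.group(1));
            while (item.find()) roles.add(item.group(1));
        }
        return roles;
    }

    static String b64(String s) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair(); // constructed stand-in for the tenant signing key
        String head = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        String body = b64("{\"sub\":\"lp\",\"roles\":[\"Approver\",\"Reader\"]}"); // constructed
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update((head + "." + body).getBytes(StandardCharsets.US_ASCII));
        String sigPart = Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
        System.out.println(verifiedRoles(head + "." + body + "." + sigPart, kp.getPublic()));
        try { // the same signature over an edited payload must be rejected
            verifiedRoles(head + "." + b64("{\"roles\":[\"Admin\"]}") + "." + sigPart, kp.getPublic());
        } catch (SignatureException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```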
I have created a simple application in Java which connects to my Office 365 account and retrieves the unread messages. I am performing some text matching and pattern matching to generate some reports which I receive via email.
I am using the URL below with Basic Authentication to do so.
https://outlook.office365.com/api/v1.0/me/messages?$filter=IsRead%20eq%20false
However, I have read a couple of articles, and most of them have suggested that Basic Authentication will not be supported and suggested using OAuth 2.0.
I am not sure how to use OAuth 2.0. A couple of articles mention registering the application with AAD, for which I need to have access to the Azure Management Portal, which I do not have. Can anyone please guide me on how this can be done?
PS: I am using my corporate domain account to access Office.
You are correct that Basic will not continue to be supported. You do not need the Azure management portal to register an application; you can use the App Dev portal (apps.dev.microsoft.com) to get a client ID and secret.
Here's a walkthrough for creating a Java web app from scratch: https://dev.outlook.com/restapi/tutorial/java. It shows how to register the app and do the authentication.
I want to know if the given user is an admin of a Google Apps domain or not. Getting a list of domain admins will also do.
userService.isUserAdmin() gives the user admin of Google App Engine, which I don't want. I want to check if the user is an admin of a Google Apps domain.
I found that we can use read-only access to the Provisioning API for this, but I could not find any detailed tutorial or code. I also need the authentication for read-only access using OAuth 2 only.
Read-only Provisioning API access is only available to Google Apps Marketplace applications using two-legged OAuth 1.0. If you're not developing a Marketplace App, you'll need to get the full read-write users scope.
A Java example is available at:
https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts