Azure SSO example

#3
by spew - opened

😃: how do I modify my rails app which uses LDAP via devise for authentication to support Azure SSO as well?
🤖: To modify your Ruby on Rails application that uses LDAP via Devise for authentication to support Azure Single Sign-On (SSO), you can follow these steps:

  1. Add the necessary gems to your Gemfile:
gem 'omniauth'
gem 'omniauth-oauth2'
gem 'omniauth-azure-oauth2'

Then, run bundle install to install the gems.

  2. Set up OmniAuth in your Rails application:
  • In your config/initializers/omniauth.rb file, add the following code:
Rails.application.config.middleware.use OmniAuth::Builder do
  provider :azure_oauth2, ENV['AZURE_CLIENT_ID'], ENV['AZURE_CLIENT_SECRET'],
    {
      client_options: {
        site: 'https://login.microsoftonline.com',
        authorize_url: '/common/oauth2/v2.0/authorize',
        token_url: '/common/oauth2/v2.0/token'
      },
      provider_ignores_state: true
    }
end

Replace AZURE_CLIENT_ID and AZURE_CLIENT_SECRET with your Azure application's client ID and secret, respectively.

  3. Configure Devise to use OmniAuth:
  • In your config/initializers/devise.rb file, add the following code:
# Options go in the hash; a positional string after the provider name would be taken as the client ID
config.omniauth :azure_oauth2, client_id: ENV['AZURE_CLIENT_ID'], client_secret: ENV['AZURE_CLIENT_SECRET']

  4. Create an Azure Active Directory application:
  • Log in to the Azure portal and navigate to the Azure Active Directory section.
  • Create a new App Registration and provide the necessary details, such as the name and redirect URI (e.g., https://your-app.com/users/auth/azure_oauth2/callback).
  • Take note of the Client ID and Client Secret, as you will need them in the next step.
  5. Set up environment variables:
  • Store your Azure application's Client ID and Client Secret as environment variables. You can use a tool like dotenv or environment-specific configuration files.
  • Set the AZURE_CLIENT_ID and AZURE_CLIENT_SECRET environment variables with the values obtained from the Azure portal.
  6. Update your Devise routes:
  • In your config/routes.rb file, add the following route:
devise_for :users, controllers: { omniauth_callbacks: 'users/omniauth_callbacks' }

This assumes you have a Users controller to handle OmniAuth callbacks.

  7. Implement the OmniAuth callback controller:
  • Create a Users controller (or modify your existing one) to handle the OmniAuth callback:
class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController
  def azure_oauth2
    # You can access the OAuth credentials from the request object
    credentials = request.env['omniauth.auth']
    # Perform any additional processing or user creation/association logic here
    # For example, you can create or associate the user with the Azure OAuth data
    # You can also set session data or flash messages as needed
    # ...
    # Finally, sign in the user
    sign_in_and_redirect @user, event: :authentication # or however you handle sign-in
  end
end

  8. Test the Azure SSO integration:
  • Start your Rails server and visit the sign-in page.
  • Click on the Azure SSO button to initiate the authentication process.
  • You should be redirected to the Azure login page, where you can enter your Azure credentials.
  • After successful authentication, you should be redirected back to your application and signed in.

That's it! You have now modified your Rails application to support Azure SSO authentication using Devise and OmniAuth. Make sure to thoroughly test the authentication flow and handle any errors or exceptions that may arise during the process.
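
The OmniAuth initializer in the answer above sets provider_ignores_state: true, which turns off the state comparison that omniauth-oauth2 otherwise makes in its callback phase (failing with csrf_detected on a mismatch). The following is an added example, not part of the original chat and not the gem's own code: a plain-Ruby model of that check, where a Hash stands in for the Rails session and the StateCheck module, its method names and the sample values are all constructed for illustration.

```ruby
require 'securerandom'

# Model of the OAuth2 `state` check; `session` is a Hash standing in
# for the Rails session (assumption made for this example).
module StateCheck
  SESSION_KEY = 'omniauth.state'

  # Request phase: mint an unguessable value, keep it server-side and
  # send the same value to the identity provider in the authorize URL.
  def self.issue(session)
    session[SESSION_KEY] = SecureRandom.hex(24)
  end

  # Comparison whose running time does not depend on where the strings differ.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Callback phase: the echoed value must match the stored one. The
  # stored value is deleted first, so each value is accepted only once.
  def self.verify(session, params, ignore_state: false)
    return :ok if ignore_state # models provider_ignores_state: true
    expected = session.delete(SESSION_KEY).to_s
    received = params['state'].to_s
    return :csrf_detected if expected.empty? || received.empty?
    secure_equal?(expected, received) ? :ok : :csrf_detected
  end
end

# Constructed scenarios; the 'code' values are placeholders.
def demo
  results = {}
  session = {}
  state = StateCheck.issue(session)
  callback = { 'code' => 'sample-code', 'state' => state }
  results[:legit] = StateCheck.verify(session, callback)
  # Same callback again: the stored state has already been consumed.
  results[:replay] = StateCheck.verify(session, callback)
  other = {}
  StateCheck.issue(other)
  results[:mismatch] = StateCheck.verify(other, { 'code' => 'sample-code', 'state' => 'x' * 48 })
  # Callback arriving in a session that never started a login.
  results[:unsolicited] = StateCheck.verify({}, { 'code' => 'sample-code', 'state' => state })
  results[:unsolicited_ignored] = StateCheck.verify({}, { 'code' => 'sample-code' }, ignore_state: true)
  results
end
```

With the check active, only the first callback carrying the value issued to that session is accepted; with it disabled, a callback that matches no login request is accepted as well.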
