This tutorial shows how to authenticate to the Curity Identity Server from Azure AD. This is achieved by using the OpenID Connect authenticator in the Curity Identity Server and registering the Curity Identity Server as an application in Azure AD. If you want to authenticate the other way around, using the Curity Identity Server to log in to Azure AD, follow the tutorial Integrating with Azure Active Directory instead.
Start by creating an OIDC authenticator in the Curity Identity Server. Copy the name of the authenticator. We will fill in the rest after we are done in Azure AD.
In Azure AD select App registrations and then New registration. Set a name and choose who should be able to use the application (the supported account types).

In Redirect URI, select Web and then enter the redirect URL of your Azure AD authenticator. It is <BASE URL>/<AUTHENTICATION ENDPOINT>/<AUTHENTICATOR NAME>/callback. If your authenticator is named AzureAD, the result is <BASE URL>/<AUTHENTICATION ENDPOINT>/AzureAD/callback. Azure AD compares redirect URIs exactly, so the value registered here must match the authenticator's callback character for character.
When the application is registered, navigate to the Overview. Click on Endpoints and make a note of the Application (client) ID and the OpenID Connect metadata document URL; you will need them later.
Next up is to create a secret. Navigate to Certificates & secrets. Click on New client secret, give it a name and a validity time. After pressing Add, make a note of the generated secret.
Attention: After leaving this page you cannot see the secret again.
Getting back to the new OIDC authenticator we now have all the information we need to finalize it.
- First of all, set the Configuration URL. This is the OpenID Connect metadata document URL you noted earlier.
- Then enter the Client ID, which we noted earlier.
- Set Client authentication method to Client Secret, and enter the secret you previously generated as the Client Secret.
- Don't forget to commit your changes when done.
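Before committing, it is worth checking that the pieces above fit together: that the callback URL you registered in Azure AD is exactly the one the authenticator will use, that the metadata document you pasted in is the one for the tenant you expect, and that the client secret is not about to expire. The script below is an added example and not Curity or Microsoft code. It builds the callback URL from the pattern given in this tutorial, parses a constructed metadata document with the same shape as an Azure AD v2.0 document (placeholder tenant id, not a real tenant), and reports any mismatch. The base URL https://idsvr.example.com, the authentication endpoint path /authn/authentication and the expiry dates are assumed values; the client authentication method is named with the OpenID Connect identifier client_secret_basic rather than the admin UI label.

```python
"""Consistency checks for an OIDC authenticator that federates to Azure AD.

Added example, not Curity or Microsoft code: builds the authenticator's
callback URL, parses a constructed OpenID Connect metadata document and
flags configuration mistakes before the changes are committed.
"""
import json
from datetime import date, timedelta
from urllib.parse import urlsplit


def callback_url(base_url: str, authentication_endpoint: str, authenticator_name: str) -> str:
    """Build <BASE URL>/<AUTHENTICATION ENDPOINT>/<AUTHENTICATOR NAME>/callback.

    Stray slashes are normalised so the result can be compared exactly with
    the Redirect URI registered in Azure AD (Azure matches redirect URIs exactly).
    """
    parts = (base_url.rstrip("/"), authentication_endpoint.strip("/"),
             authenticator_name.strip("/"), "callback")
    return "/".join(parts)


def parse_metadata(document: str) -> dict:
    """Parse the metadata document and require the fields a code-flow client needs."""
    metadata = json.loads(document)
    required = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")
    missing = [key for key in required if key not in metadata]
    if missing:
        raise ValueError(f"metadata document lacks required fields: {missing}")
    return metadata


def check_configuration(config: dict, metadata: dict, registered_redirect_uris: list,
                        today: str) -> list:
    """Return the problems found; an empty list means the configuration is consistent."""
    problems = []
    redirect = config["redirect_uri"]

    # 1. The callback must be registered in Azure AD, character for character.
    if redirect not in registered_redirect_uris:
        problems.append(f"redirect URI {redirect} is not registered in Azure AD")
    # 2. The callback must be served over TLS.
    if urlsplit(redirect).scheme != "https":
        problems.append("redirect URI must use https")

    # 3. Every endpoint should live on the issuer's host; a mismatch usually
    #    means the wrong metadata URL was pasted into the Configuration URL.
    issuer_host = urlsplit(metadata["issuer"]).netloc
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(metadata[key]).netloc != issuer_host:
            problems.append(f"{key} is not on the issuer host {issuer_host}")

    # 4. The authenticator uses the authorization code flow.
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("provider does not advertise the code response type")

    # 5. The chosen client authentication method must be one the provider accepts
    #    (OIDC discovery defaults to client_secret_basic when the field is absent).
    supported = metadata.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if config["client_auth_method"] not in supported:
        problems.append(f"client authentication method {config['client_auth_method']} "
                        "is not supported by the provider")

    # 6. Azure client secrets have a validity time; catch expiry before users do.
    expires = date.fromisoformat(config["secret_expires"])
    now = date.fromisoformat(today)
    if expires <= now:
        problems.append("client secret has expired")
    elif expires - now <= timedelta(days=30):
        problems.append(f"client secret expires within 30 days ({expires.isoformat()})")

    return problems


# Constructed sample: the shape of an Azure AD v2.0 metadata document with a
# placeholder tenant id (not a real tenant).
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt",
                                              "client_secret_basic"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
})


def example() -> list:
    """Run the checks against an assumed configuration; returns the problem list."""
    metadata = parse_metadata(SAMPLE_METADATA)
    # Assumed base URL and authentication endpoint path, not taken from the tutorial.
    redirect = callback_url("https://idsvr.example.com/", "/authn/authentication", "AzureAD")
    config = {"redirect_uri": redirect, "client_auth_method": "client_secret_basic",
              "secret_expires": "2030-01-01"}
    # Registered with a trailing slash: a copy-paste mistake Azure AD rejects at login time.
    registered = ["https://idsvr.example.com/authn/authentication/AzureAD/callback/"]
    return check_configuration(config, metadata, registered, today="2025-01-01")


if __name__ == "__main__":
    for problem in example():
        print("problem:", problem)
```

Running the script reports the one deliberate mistake in the sample, the trailing slash on the registered redirect URI, which is exactly the kind of mismatch that only surfaces as an Azure AD error page after a user tries to log in. In practice you would feed it the metadata document downloaded from the URL noted under Endpoints and the redirect URIs listed on the app registration.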
Using your new OIDC authenticator you should be able to log in to the Curity Identity Server with your Azure AD account. Azure AD supports other scopes and can return other claims which can be used by the Curity Identity Server, but that is not part of this article. More information can be found in Microsoft Docs.