Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
When all requirements have been met, you're now able to enable AAD login for the products you decided on (DC and/or MM)
Enabling AAD
To enable the AAD functionality, you need to do the following:
In your DAM Center...
Configuration schema
| Code Block |
|---|
<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="azureActiveDirectory" xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
<xs:element name="azureActiveDirectory" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
<xs:complexType>
<xs:choice minOccurs="0" maxOccurs="unbounded">
<xs:element name="client">
<xs:complexType>
<!-- Enables or disables the client using AAD redirect -->
<xs:attribute name="enabled" type="xs:bool" use="required" />
<!-- ClientId corresponds to the Application ID in Azure Portal -->
<xs:attribute name="clientId" use="required">
<xs:simpleType>
<xs:restriction base ="Guid" />
</xs:simpleType>
</xs:attribute>
<!-- AADInstance is the login redirect URI -->
<xs:attribute name="aadInstance" type="xs:string" default="https://login.microsoftonline.com/{0}" />
<!-- Tenant is the DNS section of the App ID URI in Azure Portal. Required for single tenant usage -->
<xs:attribute name="tenant" type="xs:string" />
<!-- Specifies optional post logout URI. Not used in DC and MM -->
<xs:attribute name="postLogoutRedirectUri" type="xs:string" />
</xs:complexType>
</xs:element>
<xs:element name="server">
<xs:complexType>
<xs:sequence>
<!-- List of audiences allowed when running multi-tenant applications -->
<xs:element name="validAudiences" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:sequence>
<xs:element name="clear" type="xs:string" minOccurs="0" />
<xs:element name="add" minOccurs="0" maxOccurs="unbounded">
<xs:complexType>
<xs:attribute name="name" type="xs:string" />
</xs:complexType>
</xs:element>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:sequence>
<!-- Enables or disables the server AAD endpoint -->
<xs:attribute name="enabled" type="xs:bool" use="required" />
<!-- Discovery endpoint for validating JwT -->
<xs:attribute name="stsDiscoveryEndpoint" type="xs:string" default="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration" />
<!-- Specifies the DAM Center MemberId used to auto-create users on the fly -->
<xs:attribute name="templateMemberId" type="xs:int" use="required" />
<!-- Specify to validate the issuer -->
<xs:attribute name="validIssuer" type="xs:string" />
</xs:complexType>
</xs:element>
</xs:choice>
</xs:complexType>
<xs:simpleType name="Guid">
<xs:restriction base="xs:string">
<xs:pattern value="([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})"/>
</xs:restriction>
</xs:simpleType>
</xs:element>
</xs:schema> |
Make sure to add the section definition:
| Code Block |
|---|
<section name="azureActiveDirectory" type="DigiEyeZ.Framework.WebLibrary.Configuration.AzureActiveDirectorySection" /> |
Configuration examples
DC API server only
This configuration enables other clients to use AAD, however the DAM Center client itself will use ordinary login.
| Code Block |
|---|
<azureActiveDirectory> <server enabled="true" templateMemberId="23" /> </azureActiveDirectory> |
DC API server with single tenant client login
This configuration enables clients to use AAD and also directs DAM Center client to use AAD.
| Code Block |
|---|
<azureActiveDirectory> <server enabled="true" templateMemberId="23" /> <client enabled="true" clientId="33384545-4fe0-4b68-85d6-9edcb35c4690" tenant="mytenantid.onmicrosoft.com" /> </azureActiveDirectory> |
| Table of Contents |
|---|