When all requirements have been met, you can enable AAD login for the products you decided on (DC and/or MM).
To enable the AAD functionality, you need to do the following:
In your DAM Center...
<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="azureActiveDirectory" xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata">
  <xs:element name="azureActiveDirectory" msdata:IsDataSet="true" msdata:UseCurrentLocale="true">
    <xs:complexType>
      <xs:choice minOccurs="0" maxOccurs="unbounded">
        <xs:element name="client">
          <xs:complexType>
            <!-- Enables or disables the client using AAD redirect -->
            <xs:attribute name="enabled" type="xs:boolean" use="required" />
            <!-- ClientId corresponds to the Application ID in Azure Portal -->
            <xs:attribute name="clientId" use="required">
              <xs:simpleType>
                <xs:restriction base="Guid" />
              </xs:simpleType>
            </xs:attribute>
            <!-- AADInstance is the login redirect URI -->
            <xs:attribute name="aadInstance" type="xs:string" default="https://login.microsoftonline.com/{0}" />
            <!-- Tenant is the DNS section of the App ID URI in Azure Portal. Required for single tenant usage -->
            <xs:attribute name="tenant" type="xs:string" />
            <!-- Specifies optional post logout URI. Not used in DC and MM -->
            <xs:attribute name="postLogoutRedirectUri" type="xs:string" />
          </xs:complexType>
        </xs:element>
        <xs:element name="server">
          <xs:complexType>
            <xs:sequence>
              <!-- List of audiences allowed when running multi-tenant applications -->
              <xs:element name="validAudiences" minOccurs="0" maxOccurs="unbounded">
                <xs:complexType>
                  <xs:sequence>
                    <xs:element name="clear" type="xs:string" minOccurs="0" />
                    <xs:element name="add" minOccurs="0" maxOccurs="unbounded">
                      <xs:complexType>
                        <xs:attribute name="name" type="xs:string" />
                      </xs:complexType>
                    </xs:element>
                  </xs:sequence>
                </xs:complexType>
              </xs:element>
            </xs:sequence>
            <!-- Enables or disables the server AAD endpoint -->
            <xs:attribute name="enabled" type="xs:boolean" use="required" />
            <!-- Discovery endpoint for validating JWT -->
            <xs:attribute name="stsDiscoveryEndpoint" type="xs:string" default="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration" />
            <!-- Specifies the DAM Center MemberId used to auto-create users on the fly -->
            <xs:attribute name="templateMemberId" type="xs:int" use="required" />
            <!-- Specify to validate the issuer -->
            <xs:attribute name="validIssuer" type="xs:string" />
          </xs:complexType>
        </xs:element>
      </xs:choice>
    </xs:complexType>
  </xs:element>
  <!-- Named types are declared at schema level; referenced by the clientId attribute above -->
  <xs:simpleType name="Guid">
    <xs:restriction base="xs:string">
      <xs:pattern value="([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})|(\{[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\})" />
    </xs:restriction>
  </xs:simpleType>
</xs:schema>
Make sure to add the section definition:
<section name="azureActiveDirectory" type="DigiEyeZ.Framework.WebLibrary.Configuration.AzureActiveDirectorySection" />
This configuration enables other clients to use AAD; the DAM Center client itself continues to use ordinary login.
<azureActiveDirectory>
  <server enabled="true" templateMemberId="23" />
</azureActiveDirectory>
This configuration enables clients to use AAD and also directs the DAM Center client to use AAD.
<azureActiveDirectory>
  <server enabled="true" templateMemberId="23" />
  <client enabled="true" clientId="33384545-4fe0-4b68-85d6-9edcb35c4690" tenant="mytenantid.onmicrosoft.com" />
</azureActiveDirectory>
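As an added review helper (not part of this page or of the DAM Center product), the following Python script lints an azureActiveDirectory section against the constraints the schema above spells out: the GUID pattern for clientId, xs:boolean and xs:int attributes, an https discovery endpoint, and whether validIssuer or validAudiences restrict which tokens the server section accepts. The lint rules are hypothetical reviewer checks derived from the schema comments, not DAM Center's own validation, and the sample section is constructed from the second configuration above.

```python
import re
import xml.etree.ElementTree as ET

# GUID pattern copied from the schema's "Guid" simpleType: bare or brace-wrapped.
_H = "[0-9a-fA-F]"
_GUID = "-".join(_H + "{%d}" % n for n in (8, 4, 4, 4, 12))
GUID_RE = re.compile("(%s)|(\\{%s\\})" % (_GUID, _GUID))
TRUE, BOOLEAN = ("true", "1"), {"true", "false", "1", "0"}  # xs:boolean lexical space

# Constructed sample, mirroring the second configuration on this page.
SAMPLE = """<azureActiveDirectory>
  <server enabled="true" templateMemberId="23" />
  <client enabled="true" clientId="33384545-4fe0-4b68-85d6-9edcb35c4690"
          tenant="mytenantid.onmicrosoft.com" />
</azureActiveDirectory>"""


def lint_aad_config(xml_text):
    """Return review findings for an <azureActiveDirectory> section (hypothetical
    rules derived from the schema comments, not DAM Center's own validation)."""
    findings = []
    root = ET.fromstring(xml_text)
    if root.tag != "azureActiveDirectory":
        return ["root element must be <azureActiveDirectory>, got <%s>" % root.tag]
    client = root.find("client")
    if client is not None:
        if client.get("enabled") not in BOOLEAN:
            findings.append("client: 'enabled' is required and must be an xs:boolean")
        if not GUID_RE.fullmatch(client.get("clientId", "")):
            findings.append("client: 'clientId' must be a GUID (the Azure Application ID)")
        if client.get("enabled") in TRUE and client.get("tenant") is None:
            findings.append("client: 'tenant' not set (schema: required for single-tenant usage)")
    server = root.find("server")
    if server is not None:
        if server.get("enabled") not in BOOLEAN:
            findings.append("server: 'enabled' is required and must be an xs:boolean")
        if not server.get("templateMemberId", "").lstrip("-").isdigit():
            findings.append("server: 'templateMemberId' is required and must be an xs:int")
        if not server.get("stsDiscoveryEndpoint", "https://").startswith("https://"):
            findings.append("server: 'stsDiscoveryEndpoint' must be an https URL")
        # Without validIssuer/validAudiences the section pins nothing about which
        # tenant's tokens are acceptable; auto-creation via templateMemberId makes
        # that worth an explicit review before enabling.
        restricted = server.get("validIssuer") or server.findall("validAudiences/add")
        if server.get("enabled") in TRUE and not restricted:
            findings.append("server: neither 'validIssuer' nor validAudiences set; review "
                            "which issuers/audiences are accepted before enabling")
    return findings
```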