From 67f278d903c220c33c1781f388895fbb3c98e628 Mon Sep 17 00:00:00 2001 From: Tuomo Varis Date: Tue, 2 Mar 2021 13:47:13 +0200 Subject: [PATCH] Add support for Azure AD custom signing keys --- README.md | 2 +- build/build.js | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index dba02e8..e6bd289 100755 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ Session duration is defined as the number of hours that the JWT is valid for. Af 1. Once created, go to your application `Settings -> Keys` and make a new key with your desired duration. Click save and copy the value. This will be your `client_secret` 1. Above where you selected `Keys`, go to `Reply URLs` and enter your Cloudfront hostname with your preferred path value for the authorization callback. Example: https://my-cloudfront-site.example.com/_callback 1. Execute `./build.sh` in the downloaded directory. NPM will run to download dependencies and a RSA key will be generated. -1. Choose `Microsoft` as the authorization method and enter the values for [Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant), Client ID (**Application ID**), Client Secret (**previously created key**), Redirect URI and Session Duration +1. Choose `Microsoft` as the authorization method and enter the values for [Tenant](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-howto-tenant), Client ID (**Application ID**), Client Secret (**previously created key**), Redirect URI, whether your application has [custom signing keys](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#fetch-the-openid-connect-metadata-document) and Session Duration 1. Select the preferred authentication method 1. Azure AD Membership (default) 1. JSON Username Lookup diff --git a/build/build.js b/build/build.js index 7660a93..11e077b 100755 --- a/build/build.js +++ b/build/build.js @@ -112,6 +112,13 @@ function microsoftConfiguration() { required: true, default: R.pathOr('', ['AUTH_REQUEST', 'redirect_uri'], oldConfig) }, + CUSTOM_SIGNING_KEYS: { + description: colors.red("Use custom signing keys\n (1) No\n (2) Yes"), + pattern: /^[1-2]$/, + message: colors.red("Please choose:\n (1) No\n (2) Yes"), + required: true, + default: R.pathOr('', ['CUSTOM_SIGNING_KEYS'], oldConfig) + }, SESSION_DURATION: { message: colors.red("Session Duration (hours)"), required: true, @@ -125,7 +132,9 @@ function microsoftConfiguration() { config.PRIVATE_KEY = fs.readFileSync('distributions/' + config.DISTRIBUTION + '/id_rsa', 'utf8'); config.PUBLIC_KEY = fs.readFileSync('distributions/' + config.DISTRIBUTION + '/id_rsa.pub', 'utf8'); config.TENANT = result.TENANT; - config.DISCOVERY_DOCUMENT = 'https://login.microsoftonline.com/' + result.TENANT + '/.well-known/openid-configuration'; + config.DISCOVERY_DOCUMENT = result.CUSTOM_SIGNING_KEYS === '1' + ? `https://login.microsoftonline.com/${result.TENANT}/.well-known/openid-configuration` + : `https://login.microsoftonline.com/${result.TENANT}/.well-known/openid-configuration?appid=${result.CLIENT_ID}`; config.SESSION_DURATION = parseInt(result.SESSION_DURATION, 10) * 60 * 60; config.CALLBACK_PATH = url.parse(result.REDIRECT_URI).pathname;