Differences

This shows you the differences between two versions of the page.

--- plugin:oauthazure [2022-10-04 14:19] – Visiopaja
+++ plugin:oauthazure [2024-02-08 09:04] (current) – LMS23
@@ Line 2: / Line 2: @@
 ---- plugin ----
-description:
+description: Azure Service for use with the oAuth Plugin
-author     : Visiopaja
+author     : Andreas Gohr
-email      : matias.hamalainen@visiopaja.fi
+email      : dokuwiki@cosmocode.de
-type       : auth, action
+type       : action
-lastupdate : 2022-10-04
+lastupdate : 2023-04-20
-compatible :
+compatible : Hogfather, Igor, Jack Jackrum, Kaos
 depends    : oauth
 conflicts  :
@@ Line 13: / Line 13: @@
 tags       : oauth, authentication, azure
-downloadurl: http://github.com/Visiopaja/dokuwiki-plugin-oauthazure/zipball/master
+downloadurl: https://github.com/cosmocode/dokuwiki-plugin-oauthazure/zipball/master
-bugtracker : http://github.com/Visiopaja/dokuwiki-plugin-oauthazure/issues
+bugtracker : https://github.com/cosmocode/dokuwiki-plugin-oauthazure/issues
-sourcerepo : http://github.com/Visiopaja/dokuwiki-plugin-oauthazure/
+sourcerepo : https://github.com/cosmocode/dokuwiki-plugin-oauthazure/
 donationurl:
@@ Line 23: / Line 23: @@
 ===== Installation =====
-//[First, last and only chance to warn users before installing (some has already done that before reading this)]//
+:!: **External requirements:** This plugin requires the [[plugin:oauth|oAuth Plugin]].
-:!: **External requirements:** This plugin requires the [[plugin:oauth|oAuth Plugin]] 2021-12-19 or above.
 Install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.
@@ Line 31: / Line 29: @@
 ===== Configuration =====
-You need to set the client ID, client secret and discovery URL of your Azure. Discovery URL is:
+Create a new Application in your Azure account, then configure:
+  * client ID (''Application (client) ID'', de ''Anwendungs-ID (Client)'')
+  * client secret (''Value'' NOT ''Secret ID'', de ''Wert'' NICHT ''Geheime ID'')
+  * tenant (''Directory (tenant) ID'', de ''Verzeichnis-ID (Mandant)'')
-  https://login.microsoftonline.com/<tenant>/.well-known/openid-configuration
+By default, the plugin will map roles found in the JWT auth token to groups. If you want to use the user's real groups in ACLs you need to enable the ''fetchgroups'' config. The plugin will request two additional permissions on top of the usual oAuth scopes: ''User.Read'' and ''GroupMember.Read.All''.
-You can link azure groups by ID separated by commas.
-Additionally you can set label and color of the login button if you want.
+{{ :plugin:oauthazure.png }}
+Assign the group "azure" to the users, then you can log in directly with it.
+For further setup see [[plugin:oauth]] page.
+All users authorized by this plugin are added to automatic ''azure'' group by [[plugin:oauth]]. You can use this in your ACL configuration.
+===== Development =====
+==== Acknowledgements ====
+The code has been originally based on the [[oauthkeycloak]] plugin.
 === Change Log ===
+{{rss>https://github.com/cosmocode/dokuwiki-plugin-oauthazure/commits/master.atom date}}