Configure Web Central to Use the Azure Identity Provider

Configure Archibus Web Central to reflect the Azure identity provider (IdP) and the Apollo GraphQL server by updating the settings in the following files:

configservice.properties

Edit WEB-INF\config\context\applications\configservice.properties and complete values for the following items by obtaining them from Azure.

configService.onsite.clientId

  1. Go to the Overview screen in Azure, and locate the value for "Application (client) ID."

  2. Copy this value.

  3. In WEB-INF\config\context\applications\configservice.properties, complete configService.onsite.clientId with the copied value, such as: configService.onsite.clientId=4eb33ca-0bd2-421b-b2b4-217bf3807147

configService.onsite.issuerUrl

  1. Go to the Overview/Endpoints screen in Azure, and copy the value for "OpenID Connect metadata document."

  2. Open a browser and paste.

  3. Scroll down or search to find "Issuer." Copy this value.

  4. In WEB-INF\config\context\applications\configservice.properties, complete configService.onsite.issuerUrl with the copied value, such as: configService.onsite.issuerUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0

configService.onsite.callbackUrl

  1. Go to the Authorization screen in Azure, and locate the URL under "Mobile and desktop applications." Note that the value does not end in a forward slash.

  2. Copy this value.

  3. In WEB-INF\config\context\applications\configservice.properties, complete configService.onsite.callbackUrl with the copied value, such as: configService.onsite.callbackUrl=com.archibus.onsite.auth://callback/

  4. Notice that you must add a forward slash to the end of the value.

configService.onsite.apolloUrl

This value is always https://apollo.archibus.cloud, so the entry reads: configService.onsite.apolloUrl=https://apollo.archibus.cloud

Example of configservice.properties

# OIDC authentication client ID for mobile apps
configService.onsite.clientId=4eb33ca-0bd2-421b-b2b4-217bf3807147
# OIDC issuer URL for mobile apps
configService.onsite.issuerUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0
# OIDC callback URL for mobile apps
configService.onsite.callbackUrl=com.archibus.onsite.auth://callback/
# Apollo URL for mobile apps
configService.onsite.apolloUrl=https://apollo.archibus.cloud

oidc.properties

Edit WEB-INF\config\oidc.properties and complete the following values by obtaining them from Azure:

oidc.usernameClaim

Retain the default value, oidc.usernameClaim=email, as Archibus uses the email address to match the user to Azure.

oidc.audience

  1. Go to the Overview screen in Azure, and locate the value for "Application (client) ID."

  2. Copy this value.

  3. In WEB-INF\config\oidc.properties, complete oidc.audience with the copied value, such as: oidc.audience=4eb33ca-0bd2-421b-b2b4-217bf3807147

oidc.issuer

  1. Go to the Overview/Endpoints screen in Azure, and copy the value for "OpenID Connect metadata document."

  2. Open a browser and paste.

  3. Scroll down or search to find "Issuer." Copy this value.

  4. In WEB-INF\config\oidc.properties, complete oidc.issuer with the copied value, such as: oidc.issuer=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0

oidc.jwksUrl

  1. Go to the Overview/Endpoints screen in Azure, and copy the value for "OpenID Connect metadata document."

  2. Open a browser and paste.

  3. Scroll down or search to find "jwks_uri." Copy this value.

  4. In WEB-INF\config\oidc.properties, complete oidc.jwksUrl with the copied value, such as: oidc.jwksUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/discovery/v2.0/keys

Example

oidc.usernameClaim=email
oidc.audience=4eb33ca-0bd2-421b-b2b4-217bf3807147
oidc.issuer=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0
oidc.jwksUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/discovery/v2.0/keys
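
The same Azure values are entered by hand in both files, so a copy error in one of them is easy to miss. The following check is an added example, not part of the Archibus documentation or product: it compares the two files with each other and with the metadata document, using the page's example values and a constructed two-field metadata excerpt. The function names parse_properties and check_config are assumptions.

```python
import json

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_config(configservice_text, oidc_text, metadata_json):
    """Return a list of problems; an empty list means the files are consistent."""
    cs, oidc = parse_properties(configservice_text), parse_properties(oidc_text)
    meta = json.loads(metadata_json)
    problems = []
    # Both files take the same "Application (client) ID".
    if cs.get("configService.onsite.clientId") != oidc.get("oidc.audience"):
        problems.append("clientId and oidc.audience differ")
    # Both issuer settings are copied from the metadata "issuer", scheme included.
    for key, props in (("configService.onsite.issuerUrl", cs), ("oidc.issuer", oidc)):
        if props.get(key) != meta["issuer"]:
            problems.append(f"{key} does not match the metadata issuer")
    if oidc.get("oidc.jwksUrl") != meta["jwks_uri"]:
        problems.append("oidc.jwksUrl does not match the metadata jwks_uri")
    # The page requires a trailing forward slash on the callback URL.
    if not cs.get("configService.onsite.callbackUrl", "").endswith("/"):
        problems.append("callbackUrl does not end in a forward slash")
    if oidc.get("oidc.usernameClaim") != "email":
        problems.append("oidc.usernameClaim is not the default 'email'")
    return problems

TENANT = "https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7"
# Constructed excerpt of the OpenID Connect metadata document (two fields only).
METADATA = json.dumps({"issuer": TENANT + "/v2.0", "jwks_uri": TENANT + "/discovery/v2.0/keys"})
CONFIGSERVICE = """# values from the page's example
configService.onsite.clientId=4eb33ca-0bd2-421b-b2b4-217bf3807147
configService.onsite.issuerUrl=%s/v2.0
configService.onsite.callbackUrl=com.archibus.onsite.auth://callback/
""" % TENANT
OIDC = """oidc.usernameClaim=email
oidc.audience=4eb33ca-0bd2-421b-b2b4-217bf3807147
oidc.issuer=%s/v2.0
oidc.jwksUrl=%s/discovery/v2.0/keys
""" % (TENANT, TENANT)

if __name__ == "__main__":
    print(check_config(CONFIGSERVICE, OIDC, METADATA) or "configuration is consistent")
```

To check a real deployment, pass the contents of the two properties files and the saved metadata document to check_config in place of the embedded samples.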