Configure Web Central to Use the Azure Identity Provider
Configure Archibus Web Central to reflect the Azure identity provider (IdP) and the Apollo GraphQL server by updating the settings in the following files:
- WEB-INF\config\context\applications\configservice.properties
- WEB-INF\config\oidc.properties
configservice.properties
Edit WEB-INF\config\context\applications\configservice.properties and complete values for the following items by obtaining them from Azure.
configService.onsite.clientId
- Go to the Overview screen in Azure, and locate the value for "Application (client) ID."
- Copy this value.
- In WEB-INF\config\context\applications\configservice.properties, complete configService.onsite.clientId with the copied value, such as: configService.onsite.clientId=4eb33ca-0bd2-421b-b2b4-217bf3807147
configService.onsite.issuerUrl
- Go to the Overview/Endpoints screen in Azure, and copy the value for "OpenID Connect metadata document."
- Open a browser and paste the copied URL into the address bar.
- Scroll down or search to find "Issuer." Copy this value.
- In WEB-INF\config\context\applications\configservice.properties, complete configService.onsite.issuerUrl with the copied value, such as: configService.onsite.issuerUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0
configService.onsite.callbackUrl
- Go to the Authorization screen in Azure, and locate the URL under "Mobile and desktop applications." Note that the value does not end in a forward slash.
- Copy this value.
- In WEB-INF\config\context\applications\configservice.properties, complete configService.onsite.callbackUrl with the copied value, such as: configService.onsite.callbackUrl=com.archibus.onsite.auth://callback/
- Notice that you must add a forward slash to the end of the value.
configService.onsite.apolloUrl
This value is always https://apollo.archibus.cloud, such as: configService.onsite.apolloUrl=https://apollo.archibus.cloud
Example of configservice.properties
# OIDC authentication client ID for mobile apps
configService.onsite.clientId=4eb33ca-0bd2-421b-b2b4-217bf3807147
# OIDC issuer URL for mobile apps
configService.onsite.issuerUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0
# OIDC callback URL for mobile apps
configService.onsite.callbackUrl=com.archibus.onsite.auth://callback/
# Apollo URL for mobile apps
configService.onsite.apolloUrl=https://apollo.archibus.cloud
oidc.properties
Edit WEB-INF\config\oidc.properties and complete the following values by obtaining them from Azure:
oidc.usernameClaim
Retain the default value, oidc.usernameClaim=email, as Archibus uses the email address to match the user to Azure.
oidc.audience
- Go to the Overview screen in Azure, and locate the value for "Application (client) ID."
- Copy this value.
- In WEB-INF\config\oidc.properties, complete oidc.audience with the copied value, such as: oidc.audience=4eb33ca-0bd2-421b-b2b4-217bf3807147
oidc.issuer
- Go to the Overview/Endpoints screen in Azure, and copy the value for "OpenID Connect metadata document."
- Open a browser and paste the copied URL into the address bar.
- Scroll down or search to find "Issuer." Copy this value.
- In WEB-INF\config\oidc.properties, complete oidc.issuer with the copied value, such as: oidc.issuer=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0
oidc.jwksUrl
- Go to the Overview/Endpoints screen in Azure, and copy the value for "OpenID Connect metadata document."
- Open a browser and paste the copied URL into the address bar.
- Scroll down or search to find "jwks_uri." Copy this value.
- In WEB-INF\config\oidc.properties, complete oidc.jwksUrl with the copied value, such as: oidc.jwksUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/discovery/v2.0/keys
Example
oidc.usernameClaim=email
oidc.audience=4eb33ca-0bd2-421b-b2b4-217bf3807147
oidc.issuer=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/v2.0
oidc.jwksUrl=https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7/discovery/v2.0/keys
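
A consistency check for the two files, added here as an example and not part of Archibus or its documentation: it verifies that values the steps above copy from the same Azure fields agree across configservice.properties, oidc.properties and the OpenID Connect metadata document. The function names, the simplified key=value parser and the inline sample (constructed from this page's example values) are assumptions.

```python
def parse_properties(text):
    """Parse simple key=value .properties text, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_config(configservice, oidc, discovery):
    """Return a list of mismatches between the two files and the IdP metadata."""
    problems = []
    def expect(key, actual, wanted):
        if actual != wanted:
            problems.append(f"{key}: expected {wanted!r}, found {actual!r}")
    # Values copied from the OpenID Connect metadata document must match it exactly.
    expect("oidc.issuer", oidc.get("oidc.issuer"), discovery["issuer"])
    expect("oidc.jwksUrl", oidc.get("oidc.jwksUrl"), discovery["jwks_uri"])
    # Both files take the same Issuer and the same Application (client) ID.
    expect("configService.onsite.issuerUrl",
           configservice.get("configService.onsite.issuerUrl"), oidc.get("oidc.issuer"))
    expect("oidc.audience", oidc.get("oidc.audience"),
           configservice.get("configService.onsite.clientId"))
    expect("oidc.usernameClaim", oidc.get("oidc.usernameClaim"), "email")
    expect("configService.onsite.apolloUrl",
           configservice.get("configService.onsite.apolloUrl"), "https://apollo.archibus.cloud")
    if not configservice.get("configService.onsite.callbackUrl", "").endswith("/"):
        problems.append("configService.onsite.callbackUrl: must end with a forward slash")
    return problems

# Constructed sample input, built from the example values on this page.
TENANT = "https://login.microsoftonline.com/63b3b6d2-b0a0-9d30-0eaf117a5db7"
DISCOVERY = {"issuer": f"{TENANT}/v2.0", "jwks_uri": f"{TENANT}/discovery/v2.0/keys"}
CONFIGSERVICE = parse_properties(f"""
# OIDC authentication client ID for mobile apps
configService.onsite.clientId=4eb33ca-0bd2-421b-b2b4-217bf3807147
configService.onsite.issuerUrl={TENANT}/v2.0
configService.onsite.callbackUrl=com.archibus.onsite.auth://callback/
configService.onsite.apolloUrl=https://apollo.archibus.cloud
""")
OIDC = parse_properties(f"""
oidc.usernameClaim=email
oidc.audience=4eb33ca-0bd2-421b-b2b4-217bf3807147
oidc.issuer={TENANT}/v2.0
oidc.jwksUrl={TENANT}/discovery/v2.0/keys
""")

if __name__ == "__main__":
    print(check_config(CONFIGSERVICE, OIDC, DISCOVERY) or "all settings consistent")
```

In practice, load the metadata document saved from the browser step as JSON and pass it as the `discovery` argument.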