Configure Azure AD as IdP
This article describes how to set up Azure AD as an Identity Provider (IdP). The public key and issuer obtained here are needed when creating a CRDP application on the CipherTrust Manager with JWT verification enabled.
Following are the steps:
1. Registering Application on Azure
On the Azure portal home page, click App registrations.
Click New Registration on the top left corner to register your application. Enter a Name and click Register.
You have successfully registered your application. To view, search the application name on the App registrations panel.
2. Setting up Client Secret
Go to your application and click Certificates & secrets on the left panel.
Click + New client secret, enter Description, Expires, and click Add.
Note
Copy the secret Value and Secret ID for further use.
3. Adding Application ID
To add Application ID, click Expose an API on the left panel, select Add (near Application ID URI), and click Save.
4. Fetching the Public Key
Go to this API to get the JWK for the public key. You will get multiple JWKs there; copy any JWK.
Convert the JWK to PEM format; many tools are available online for converting JWK to PEM.
Now, you have obtained the public key, which can be used while creating CRDP application on the CipherTrust Manager.
5. Obtaining the Issuer
Go to this API https://login.microsoftonline.com/{tenant ID}/.well-known/openid-configuration to obtain the issuer.
Note
Replace {tenant ID} with your Application tenant ID. The issuer is the string value https://sts.windows.net/{tenant ID}/.
Now, you have obtained the issuer, which can be used while creating CRDP application on the CipherTrust Manager.
6. Getting the Azure Token
Launch the REST client, for example, Postman.
For the method, select GET.
For the URI, enter https://login.microsoftonline.com/<TENANT ID>/oauth2/token. Replace <TENANT ID> with the tenant ID value you copied earlier.
On the Headers tab, add Content-Type key and application/x-www-form-urlencoded for the value.
Go to the Body tab, select form-data, and add the following keys and values:
Add grant_type key and type client_credentials for the value.
Add client_id key and paste the value of client ID you copied earlier.
Add client_secret key and paste the value of client secret you copied earlier.
Add resource key and type the Application ID URI for the value.
Select Send to send the request to get the token. You can see the token in the result. This is the JWT token that you can use as a bearer token to access the APIs exposed by the CRDP container.
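The same client-credentials request as code, added here as an example that is not part of the documentation or of any Thales tooling. It uses only Node's standard library: the body is built with URLSearchParams so that the client secret is percent-encoded correctly, the request is sent as a POST (the form the OAuth 2.0 token endpoint accepts), and the returned token's claims are decoded, without verifying them, so that aud and iss can be compared with the values about to be configured on the CipherTrust Manager. Tenant ID, client ID, client secret and Application ID URI are placeholders.

```javascript
// Added example (not from the CipherTrust/CRDP documentation). All identifiers below
// are placeholders; replace them with the values copied in steps 1 to 3.

// Builds the token request described above: the four form fields plus the Content-Type header.
function buildClientCredentialsRequest({ tenantId, clientId, clientSecret, resource }) {
  // URLSearchParams produces application/x-www-form-urlencoded and escapes characters
  // such as '~', ':' and '/' that commonly appear in client secrets and Application ID URIs.
  const body = new URLSearchParams({
    grant_type: 'client_credentials',
    client_id: clientId,
    client_secret: clientSecret,
    resource, // Application ID URI from step 3; becomes the token's aud claim
  });
  return {
    method: 'POST',
    url: `https://login.microsoftonline.com/${tenantId}/oauth2/token`,
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Sends the request (Node 18+ global fetch) and returns the access token.
async function fetchToken(params) {
  const req = buildClientCredentialsRequest(params);
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) throw new Error(`token request failed with HTTP ${res.status}`);
  const json = await res.json();
  return json.access_token;
}

// Decodes header and payload for inspection only. This does NOT validate the token;
// validation is done by the CRDP container using the public key and issuer configured on it.
function peekClaims(jwt) {
  const [header, payload] = jwt
    .split('.')
    .slice(0, 2)
    .map((part) => JSON.parse(Buffer.from(part, 'base64url').toString()));
  return { kid: header.kid, alg: header.alg, iss: payload.iss, aud: payload.aud, exp: payload.exp };
}

// Placeholder inputs (constructed); run with real values to obtain a token.
const example = buildClientCredentialsRequest({
  tenantId: '00000000-0000-0000-0000-000000000000',
  clientId: '11111111-1111-1111-1111-111111111111',
  clientSecret: 'Abc~12.x',
  resource: 'api://crdp-example',
});
console.log(example.url, example.body);
```

After fetching a real token, peekClaims shows the kid (which tells you which JWK from step 4 must be converted to PEM), the iss (which must equal the value from step 5) and the aud (which must equal the Application ID URI). Never log or store the client secret alongside the token output.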
Alternatively, using the Authorization Code grant:
Launch the REST client, for example, Postman.
For the method, select GET.
For the URI, enter https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize. Replace <TENANT ID> with the tenant ID value you copied earlier.
Select the Authorization tab and type OAuth 2.0.
Go to the Configure New Token tab and add the following keys and values:
Add Token Name.
Select Grant Type as Authorization Code.
Add Auth URL and provide the value https://login.microsoftonline.com/{tenant-id}/oauth2/authorize.
Add Access Token URL and provide the value https://login.microsoftonline.com/{tenant-id}/oauth2/token.
Add Client ID and provide the {Client ID} or Application ID.
Add Client Secret and provide the {Client Secret}.
Add Scope and provide the value https://graph.microsoft.com/mail.read.
Add State and provide the value 12345.
Add Client Authorization and select Send as Basic Auth Header.
Click Generate Access Token; you will be prompted to sign in with your Azure account. After signing in, you will get the JWT token below the Token Type parameter.