Configuration for config.js (required)
- Copy config.example and rename the file to config.js. Replace secret with a randomly generated secret. You can use, for example, https://randomkeygen.com/
Configuration for azure-config.js (required for Active Directory Authentication)
- Copy azure-config.example and rename the file to azure-config.js.
const config = {
  // Route and application identity
  path: '/login',
  clientID: '87f210d2-d3af-43dd-ba98-07adaff3e791',
  tenant: '24981a26-eb7a-4f13-95d4-66827d36dec8',
  authorityUrl: 'https://login.windows.net/',
  resource: '00000002-0000-0000-c000-000000000000',
  clientSecret: 'xxxxxxxxxxxxxx', // placeholder, replace with the real client secret
  // OpenID Connect endpoints and response handling
  identityMetadata: 'https://login.microsoftonline.com/24981a26-eb7a-4f13-95d4-66827d36dec8/.well-known/openid-configuration',
  responseType: 'code',
  responseMode: 'form_post',
  redirectUrl: 'https://msg-test.akiomacloud.de/auth/azure/openid/return',
  allowHttpForRedirectUrl: false,
  // Token validation (validateIssuer: false means the issuer is not checked)
  validateIssuer: false,
  issuer: null,
  passReqToCallback: false,
  // Session state and cookies
  useCookieInsteadOfSession: false,
  cookieEncryptionKeys: [ ],
  // Logging
  loggingLevel: 'warn',
  loggingNoPII: true,
  // Nonce and clock handling
  nonceLifetime: null,
  nonceMaxAmount: 5,
  clockSkew: null
};
Options for the Active Directory configuration file
- path : path for login authentication; '/login' will set up a new HTTP route at 'auth/azure/login' for authentication
- clientID : the clientID key required for the login. This will be automatically placed in the login request as a form parameter
- tenant : the tenant ID required for the login. This will be automatically placed in the login request as a form parameter
- authorityUrl : the authority URL, usually https://login.windows.net
- resource : your app ID URI
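A pre-start check for the security-relevant options in azure-config.js, as an added example that is not part of the project's code. The function name auditAzureConfig, the sample object and its placeholder IDs are assumptions made for illustration; the option names are the ones from the configuration above.

```javascript
// Added example: hypothetical pre-start audit of an azure-config.js object.
function auditAzureConfig(cfg) {
  const findings = [];
  const flag = (option, issue) => findings.push({ option, issue });

  // The placeholder from azure-config.example must not reach production.
  if (!cfg.clientSecret || /^x+$/i.test(cfg.clientSecret)) {
    flag('clientSecret', 'still empty or the example placeholder');
  }
  // The redirect URL receives the authorization code; require HTTPS.
  let scheme = null;
  try { scheme = new URL(cfg.redirectUrl).protocol; } catch (e) { /* invalid URL */ }
  if (scheme !== 'https:' || cfg.allowHttpForRedirectUrl) {
    flag('redirectUrl', 'must be https with allowHttpForRedirectUrl false');
  }
  // The metadata document should belong to the configured tenant.
  if (!String(cfg.identityMetadata).includes(`/${cfg.tenant}/`)) {
    flag('identityMetadata', 'tenant segment differs from tenant');
  }
  // With validateIssuer false the issuer of incoming tokens is not checked.
  if (cfg.validateIssuer === false) {
    flag('validateIssuer', 'issuer check disabled; enable for a single tenant');
  }
  // Cookie-based state needs encryption keys when sessions are not used.
  if (cfg.useCookieInsteadOfSession && !(cfg.cookieEncryptionKeys || []).length) {
    flag('cookieEncryptionKeys', 'required when useCookieInsteadOfSession is true');
  }
  // Keep personal data out of the authentication log.
  if (cfg.loggingNoPII !== true) {
    flag('loggingNoPII', 'should be true');
  }
  return findings;
}

// Constructed sample mirroring the settings shown above (IDs are placeholders).
const sampleConfig = {
  tenant: '11111111-2222-3333-4444-555555555555',
  clientSecret: 'xxxxxxxxxxxxxx',
  identityMetadata: 'https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/.well-known/openid-configuration',
  redirectUrl: 'https://app.example.com/auth/azure/openid/return',
  allowHttpForRedirectUrl: false,
  validateIssuer: false,
  useCookieInsteadOfSession: false,
  cookieEncryptionKeys: [],
  loggingNoPII: true
};

for (const f of auditAzureConfig(sampleConfig)) console.log(`${f.option}: ${f.issue}`);
```

Run against the real object exported by azure-config.js, an empty result means none of these checks fired.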
In the PASOE config file, set the configuration required for the generic login screen and Azure authentication:
e.g.
<LoginScreen>loginGenericW</LoginScreen>
For the authentication in Node.js, we also need to provide the URL:
e.g.
<ssoAuthenticationURI>https://msg-test.akiomacloud.de/auth</ssoAuthenticationURI>
The allowed authentication for Azure is called AzureActiveDirectory. You can specify one authentication strategy or multiple strategies via a comma-delimited list.
e.g.
<AllowedAuthentication>AzureActiveDirectory,AkiomaUser</AllowedAuthentication>