View Source

Configuration for config.js (required)

copy config.example and rename file to config.js. replace secret with a random generated secret. You can use for example https://randomkeygen.com/

Cofiguration for azure-config.js (required for Active Directory Authentication)

copy azure-config.example and rename file to azure-config.js.

const config = {
    path: '/login',
    clientID: '87f210d2-d3af-43dd-ba98-07adaff3e791',
    tenant: '24981a26-eb7a-4f13-95d4-66827d36dec8',
    authorityUrl: 'https://login.windows.net/',
    resource: '00000002-0000-0000-c000-000000000000',
    clientSecret: 'xxxxxxxxxxxxxx',
    identityMetadata: 'https://login.microsoftonline.com/24981a26-eb7a-4f13-95d4-66827d36dec8/.well-known/openid-configuration',
    responseType: 'code',
    responseMode: 'form_post', 
    redirectUrl: 'https://msg-test.akiomacloud.de/auth/azure/openid/return', 
    allowHttpForRedirectUrl: false,
    validateIssuer: false,
    issuer: null,
    passReqToCallback: false,
    useCookieInsteadOfSession: false,
    cookieEncryptionKeys: [ 
    ],
    loggingLevel: 'warn',
    loggingNoPII: true,
    nonceLifetime: null,
    nonceMaxAmount: 5,
    clockSkew: null
};

Options for the Active Directory configuration file

path : path for login authentication, '/login' will setup a new http route at 'auth/azure/login' for authentication
clientID : the clientID key required for the login. This will be automatically placed in the login request as a form paramenter
tenant : the tenant id required for the login. This will be automatically placed in the login request as a form paramenter
authorityUrl : the authority url, usually is https://login.windows.net
resource : your app id uri

In the PASOE config file, the configuration required for setting the generic login screen and azure authentication

eg.

<LoginScreen>loginGenericW</LoginScreen>

For the Authentication in Node.js we also need to provide the URL:

eg.

<ssoAuthenticationURI>https://msg-test.akiomacloud.de/auth</ssoAuthenticationURI>

The allowed authentication for Azure is called AzureActiveDirectory. You can specify one authentication or multiple authentication strategies via a comma delimited list.

eg.

<AllowedAuthentication>AzureActiveDirectory,AkiomaUser</AllowedAuthentication>