LUCY

User Tools

Site Tools

Trace:
sso_azure

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
sso_azure [2019/11/14 09:38] lucysso_azure [2022/10/04 15:18] (current) lucy
Line 34: Line 34:
  
   * Tick the option "**Enable Active Directory FS**"   * Tick the option "**Enable Active Directory FS**"
- 
-  * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy 
- 
-{{ ::sso_azure_lucy_configs.png?600 |}} 
- 
-{{ ::sso_azure_lucy_configs2.png?400 |}} 
  
   * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml")   * Download a pre-configured SAML metadata file (copy the URL and paste into your web browser address bar, change the extension of the file to .XML, for example "lucy-sp.xml")
Line 51: Line 45:
  
 {{ ::sso_azure_lucy_metadata_file3.png?600 |}} {{ ::sso_azure_lucy_metadata_file3.png?600 |}}
 +
 +
 +  * Download the __FederationMetadata.xml__ file from Azure AD and fill the __Identity Provider__ Endpoint and __Certificate Thumbprint__ in Lucy
 +
 +{{ ::sso_azure_lucy_configs.png?600 |}}
 +
 +{{ ::sso_azure_lucy_configs2.png?400 |}}
 +
  
   * Add a new Claim "__mail__" that contain an e-mail address of the user, see more [[https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization|here]]   * Add a new Claim "__mail__" that contain an e-mail address of the user, see more [[https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-saml-claims-customization|here]]
Line 70: Line 72:
 {{ ::sso_azure_import_ssl2.png?600 |}} {{ ::sso_azure_import_ssl2.png?600 |}}
  
-  * (optional) You may also configure a domain name that Azure AD will use to receive authentication requests. Azure supports both single domain and range of subdomains, however, for this you need to use a wildcard SSL certificate. By default, Lucy is configured to use system domain.+  * (**optional**) You may also configure a domain name that Azure AD will use to receive authentication requests. Azure supports both single domain and range of subdomains, however, for this you need to use a wildcard SSL certificate. By default, Lucy is configured to use system domain.
  
 To enable support for the subdomains, set the value in the Domain field in the following way ".domain.com" To enable support for the subdomains, set the value in the Domain field in the following way ".domain.com"
Line 79: Line 81:
 :!: Please note, Azure AD does not support multiple second-level domains in a single application. :!: Please note, Azure AD does not support multiple second-level domains in a single application.
  
 +  * (**optional**) If the option "**Auto Login**" enabled, Lucy tries to automatically log in using Single Sign-on instead of showing the Login page.
  
 ===== Testing Authentication ===== ===== Testing Authentication =====
Line 98: Line 101:
 {{ ::sso_azure_login_activity.png?600 |}} {{ ::sso_azure_login_activity.png?600 |}}
  
 +===== OAuth 2.0 =====
 +
 +The method of authentication is described [[microsoft_azure_oauth_2_0|here]].
  
 ===== Troubleshoot problems ===== ===== Troubleshoot problems =====
sso_azure.txt · Last modified: 2022/10/04 15:18 by lucy