Microsoft Azure¶

– OpenID Connect

OpenID Connect¶

Is used by the login app. See OpenID Connect for more information.

Create your directory at https://portal.azure.com/

Register your application:

Add a Redirect URI (don’t forget to append a /):

You can update the redirect URL by selecting Redirect URIs in the application overview:

Warning

You will need to append a / to the Redirect URI (e.g. http://localhost:8000/oidc/callback/).

Tip

For more information, see examples of callback urls in mozilla-django-oidc,

The login app requires a .private file containing the following:

set -x OIDC_OP_AUTHORIZATION_ENDPOINT "https://login.microsoftonline.com/fcee251/oauth2/v2.0/authorize"
set -x OIDC_OP_TOKEN_ENDPOINT "https://login.microsoftonline.com/fcee251/oauth2/v2.0/token"

set -x OIDC_RP_CLIENT_ID "36ad9"
set -x OIDC_RP_CLIENT_SECRET "aead6"

set -x OIDC_OP_JWKS_ENDPOINT "https://login.microsoftonline.com/common/discovery/v2.0/keys"
set -x OIDC_RP_SIGN_ALGO "RS256"
set -x OIDC_USE_NONCE False

# used by 'login/management/commands/demo_data_login_oidc.py'
set -x KB_TEST_EMAIL_FOR_OIDC "patrick@kbsoftware.co.uk"
set -x KB_TEST_EMAIL_USERNAME "pkimber"

The Application ID (OIDC_RP_CLIENT_ID) is on the Overview page:

The endpoints are found here (OIDC_OP_AUTHORIZATION_ENDPOINT, OIDC_OP_TOKEN_ENDPOINT):

Create a secret in Certificates and secrets (OIDC_RP_CLIENT_SECRET):

To get the OIDC_OP_JWKS_ENDPOINT and OIDC_RP_SIGN_ALGO browse to: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

Tip

I found this information in the Fetch the OpenID Connect metadata document…

ssh¶

If your ssh connections are timing out, then add the following to your ~/.ssh/config file:

Host www.hatherleigh.info
    ServerAliveInterval 120
    ServerAliveCountMax 4

Tip

Replace Host as appropriate.