Connect to Azure Active Directory from a PHP web application

Looking for guidance on this, since I'm really stuck. I have the internal URL of an application made in PHP and I want to connect to Azure Active Directory.

So far I have looked at an example from Microsoft using SimpleSAML, but it is really out of date, and I had problems adapting it to the newer SimpleSAML code.

Is there a better way to integrate a web application with Azure AD? I read somewhere that I can use Getting Started with Mobile Services, but I would like to hear from previous experience about what is the best / current method for using Azure AD to log into PHP?

- EDIT -

By integration, I mean that people can authenticate and get the email address or EmployeeID from Azure AD to provide SSO support.

+5
2 answers

There are several scenarios supported by Azure AD, depending on what you are using Azure AD for. Basically, to access resources through Azure AD from a PHP web application, you can refer to the Web Application to Web API section to understand this scenario and get you started.

In order to integrate Azure AD into PHP web applications, we need to follow the steps in the flow of providing the authorization code to create several custom HTTP requests. E.g., to get an access token through the OAuth 2.0 protocol, we must refer to the steps in "Providing an authorization code"; as a rule, we will create 2 HTTP requests to get an access token:

1. Request an authorization code.

The extension URL will be redirected to the SSO page; after logging in we will get the code value, which will be used in the next step.

2. Use the authorization code to request an access token.

Then we can use the access token to add a JWT string with the designation "Bearer" in the authorization header of the web resource API request.

Here is the PHP testing project provided by Azure for your reference.

+4
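
The two requests described in the answer above, as an added example that is not part of the original answer or of Microsoft's sample project. It assumes the Microsoft identity platform v2.0 endpoints and Microsoft Graph; the tenant ID, client ID, redirect URI, session key names and the `AZURE_CLIENT_SECRET` environment variable are placeholders.

```php
<?php
// Added example. All constants below are placeholders (assumptions).
const CLIENT_ID    = 'YOUR_CLIENT_ID';
const REDIRECT_URI = 'https://app.example.internal/callback.php';
const SCOPE        = 'openid User.Read';
const AUTHORITY    = 'https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0';

// Small HTTPS helper: POST when $post is given, GET otherwise; TLS checks stay on.
function http_json(string $url, ?array $post, array $headers = []): array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true, CURLOPT_HTTPHEADER => $headers,
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_TIMEOUT => 10,
    ]);
    if ($post !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("Request to $url failed (HTTP $status)");
    }
    return json_decode($body, true, 16, JSON_THROW_ON_ERROR);
}

session_start();
if (isset($_GET['error'])) { http_response_code(403); exit('Sign-in failed'); }

if (!is_string($_GET['code'] ?? null)) {
    // Request 1: redirect to the authorize endpoint with a per-session state value.
    $_SESSION['oauth_state'] = bin2hex(random_bytes(16));
    header('Location: ' . AUTHORITY . '/authorize?' . http_build_query([
        'client_id' => CLIENT_ID, 'response_type' => 'code', 'scope' => SCOPE,
        'redirect_uri' => REDIRECT_URI, 'state' => $_SESSION['oauth_state']]));
    exit;
}
// Callback: refuse a code that does not carry the state issued to this session.
$state = $_SESSION['oauth_state'] ?? '';
unset($_SESSION['oauth_state']);
if ($state === '' || !hash_equals($state, (string)($_GET['state'] ?? ''))) {
    http_response_code(400); exit('Invalid state');
}
// Request 2: exchange the code for an access token (secret never sent to the browser).
$token = http_json(AUTHORITY . '/token', ['grant_type' => 'authorization_code',
    'code' => $_GET['code'], 'client_id' => CLIENT_ID, 'scope' => SCOPE,
    'client_secret' => getenv('AZURE_CLIENT_SECRET'), 'redirect_uri' => REDIRECT_URI]);
// Use the token as a Bearer credential to read the user's mail and employeeId.
$me = http_json('https://graph.microsoft.com/v1.0/me?$select=mail,userPrincipalName,employeeId',
    null, ['Authorization: Bearer ' . $token['access_token']]);
session_regenerate_id(true); // new session ID once the user is authenticated
$_SESSION['user'] = ['email' => $me['mail'] ?? $me['userPrincipalName'], 'employeeId' => $me['employeeId'] ?? null];
```

Reading the identity from Graph over TLS avoids trusting claims from an `id_token` whose signature has not been verified; if the `id_token` is used instead, validate its signature, issuer and audience first.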

We are moving our AD to Azure AD, and we would like to have SSO support for internal web applications, so when they log into their PCs, use the Azure proxy server and they will automatically subscribe to the PHP Program website. Is it possible?

@Vladimir, based on my experience, this is possible. There are some scenarios you can reference. You may need to use Azure AD Connect to synchronize local AD with Azure AD and enable Azure AD ASO to integrate with your PHP application in your scenario.

First, if you want to integrate your local AD with Azure AD, you must use the Azure AD Connect tool, which is used to synchronize your AD with Azure AD. See tutorials and videos. You must have permission from an IT administrator for this action.

Secondly, you need to use Federated Single Sign-On and other methods for your Azure Portal application. Perhaps you need to configure your PHP application like this video: https://channel9.msdn.com/Blogs/Open/Using-SimpleSAML-to-authenticate-PHP-applications-with-Azure-AD. And if you want to get information about users, you may need to use the Azure Graph API as a Gary message.

+3

Source: https://habr.com/ru/post/1235152/

