with Azure Active Directory (AAD) Single Sign On (SSO)

About

This repo is to help Laravel developer use the Azure Active Directory Admin Center to enable single sign-on (SSO) for an enterprise application that you added to your Azure Active Directory (Azure AD) tenant. After you configure SSO, your users can sign in by using their Azure AD credentials. This is using laravel-azure-ad-oauth package and making some tweaks to make it work.

Installation

Prerequisite

• Laravel up and running, if not refer to this link Laravel Installation
• Users to authenticate with the application and "login" Authentication Installation
• Authenticate with OAuth providers using Laravel Socialite Socialite Installation
• Install NPM
• Install Composer

Setup App Registration

• Just follow the steps here Quickstart Register App
• Copy the Client ID (overview page) and client secret.

Setup Laravel

• Install metrogistics/laravel-azure-ad-oauth

composer require metrogistics/laravel-azure-ad-oauth:* -w

• On the env vars of Laravel, place the client ID and client secret.

AZURE_AD_CLIENT_ID=XXXX
AZURE_AD_CLIENT_SECRET=XXXX

• Finally update the database, make password field nullable and add a new field/column called 'azure_id with VARCHAR(36)'

Add column to users table: ALTER TABLE users ADD COLUMN azure_id VARCHAR(36) AFTER id;
Make password nullable: ALTER TABLE users MODIFY password varchar(255) null;

Usage

• Access the login page

• Access microsoft login page

• Adding users that can access the app

Common issues

• 'Forbidden page' on load https://stackoverflow.com/questions/18392741/apache2-ah01630-client-denied-by-server-configuration

• 'Error AADSTS50011 - The reply URL specified in the request does not match the reply URLs configured for the application' on SSO https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50011-reply-url-mismatch Double check callback URL should be: http://localhost:8999/login/microsoft/callback

• 'Class "\App\User" not found' after login solution: JosephSilber/bouncer#539

• 'Class "Metrogistics\AzureSocialite\InvalidStateException" not found' solution: https://github.com/metrogistics/laravel-azure-ad-oauth/issues/3

• 'Command "make:auth" is not defined.' https://stackoverflow.com/questions/34545641/php-artisan-makeauth-command-is-not-defined

• 'Laravel\Socialite\Two\InvalidStateException'

  • Add column to users table: ALTER TABLE users ADD COLUMN azure_id VARCHAR(36) AFTER id;
  • Make password nullable: ALTER TABLE users MODIFY password varchar(255) null;

USE laravel;
ALTER TABLE users ADD COLUMN azure_id VARCHAR(36) AFTER id;
ALTER TABLE users MODIFY password varchar(255) null;

• 'No CSS and JS, app.js and app.css are not found' Need to run on the project folder:

  • npm install
  • npm run dev (Make Sure Mix is installed properly)

• View changes does not reflect

php artisan cache:clear

• or maunally delete the cache view in storage/framework/views reference

• For Azure App Service issue: getting 'Forbidden' page and not picking up the .htacces file

  • Check the PHP version, Once I selected PHP 7.4 it worked, some compatibility issue on PHP 8

• For production env, use https

  • On .env change APP_ENV to production
  • On .env change APP_DEBUG to false
  • Code changes: https://stackoverflow.com/questions/35827062/how-to-force-laravel-project-to-use-https-for-all-routes

Code of Conduct

In order to ensure that the Laravel community is welcoming to all, please review and abide by the Code of Conduct.

Security Vulnerabilities

If you discover a security vulnerability within Laravel, please send an e-mail to Taylor Otwell via taylor@laravel.com. All security vulnerabilities will be promptly addressed.

Developer

Dinno Ebora - LinkedIn

Credits

Credit belong to metrogistics for creating the package laravel-azure-ad-oauth, no copyright infringement intended.