This video shows the steps to configure AzureAD as the OIDC provider and test the end-to-end flow. #azuread #azureactivedirectory #openid #identity #iam #security #sso
Comments: 22
@securityinaction1018 2 years ago
Please subscribe to this channel for regular updates kzbin.info/door/EEayyyCrJO94FYlzF0NLTg Thank You for the support.
@guardiasofgalaxy 2 months ago
The only video which serves its purpose. All steps worked 100%. Thanks for the simple explanation.
@securityinaction1018 2 months ago
Glad it helped!! Please like, subscribe & share this video to support this channel!! Thanks in advance.
@menatmars 1 year ago
Fantastic!!! That was explained in a really simple manner, thank you very much, it helped a lot to understand the flow of OpenID authentication. Keep up the good work😇👍
@securityinaction1018 1 year ago
Glad it helped! Thank you
@preminfi4887 9 months ago
Awesome video. It is very helpful and easy to understand your explanation. Do you have any plans to add Azure AD as ID provider and GCP as client? Thanks
@securityinaction1018 9 months ago
Thank you! When you say GCP as client, are you referring to Google Cloud Identity?
@sameeramadushanka834 6 months ago
Thanks for the well-explained demo on the OpenID Connect flow. This is invaluable in understanding what happens in the flow, with the ability to see the data exchanged. Also, a plus for the simple and clear demo setup. I'm trying to authorize using AD groups by setting claims.groups: groups and enabling Azure App group claims, but I'm still not successful. Can you explain that flow?
@securityinaction1018 6 months ago
Glad it was helpful! Are you trying to get the AzureAD groups claim in the ID token? Please like, subscribe & share!! Thanks in advance.
@sameeramadushanka834 6 months ago
@@securityinaction1018 I managed to get it done with Azure AD groups. There I used claims.groups: roles in Elastic user settings and sAMAccountName Emit groups as role claims options in Azure App registration token configuration.
@securityinaction1018 6 months ago
Are you trying the same scenario with Active Directory groups?
@sameeramadushanka834 5 months ago
@@securityinaction1018 I wanted to authenticate the Azure AD group users to Elastic cloud. I managed to figure out the issues and my config is working now.
@ianhokage 4 months ago
Is it possible to request only the ID token and additional claims? Will it still require a client secret if I only need the ID token?
@securityinaction1018 4 months ago
Refer to this: learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-implicit-grant-flow Implicit flow allows that, but it is strictly not recommended. In the authorization code grant flow, both ID and Access tokens will be returned. As per this doc learn.microsoft.com/en-us/azure/active-directory-b2c/authorization-code-flow, client secret is not mandatory for public apps.
@ianhokage 4 months ago
@@securityinaction1018 If I don't need the application to access protected resources in my AAD tenant, do I still need to complete the authorization code flow with access token and client secret? I just need the application to leverage OpenID to authenticate the users. Do you think implicit flow using ID token is enough for my requirement? I want to take a hint from the OIDC Playground; they have the OpenID-only mode in their options. Unfortunately, the OpenID-only mode is still not available :( I'm not really good at coding so I don't fully understand how to build an authorization code grant flow. I just need to protect my AAD environment and keep the setup as simple as possible. Not requiring a client secret would help so I don't need to renew these secrets every now and then.
@securityinaction1018 4 months ago
Implicit flow is not recommended since it is not secure. I am not sure which framework you are using for your app. If it is Java, you can refer to this video kzbin.info/www/bejne/i5_ag2COareepdE on how to integrate a Java Spring Boot app with AzureAD using OIDC.
@ianhokage 4 months ago
@@securityinaction1018 Thank you. Your videos are great by the way!
@securityinaction1018 4 months ago
Thank you. Please like, subscribe & share!! Thanks in advance.
@jayakumar2927 8 months ago
How to implement in real time?
@securityinaction1018 8 months ago
You can check the videos in this playlist for some of the use cases kzbin.info/aero/PLLFnfBgEq5NJhWHCYH2VvZZMkAe0ZBA-u