Differences

blocks:sso:adfs [2022-03-30 09:37]
max [Filter the groups provided to Blocks]
blocks:sso:adfs [2024-08-20 09:11] (current)
melvin Update for Windows Server 2022
Line 3: Line 3:
 ===Prerequisites=== ===Prerequisites===
  
-To be able to follow the steps below you'll need to have Windows Server 2016 or later with the "Active Directory Federation Services (ADFS)" feature enabled.+To be able to follow the steps below you'll need to have Windows Server 2016 or later with the "Active Directory Federation Services (ADFS)" feature enabled. 
  
 ===Add an OpenID Connect configuration to ADFS=== ===Add an OpenID Connect configuration to ADFS===
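Review bot: the only change in this hunk is a trailing space appended to the Prerequisites sentence; it is a whitespace-only edit that adds nothing and could be dropped so the diff shows only the substantive changes.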
Line 17: Line 17:
   - Paste and add the **Client Identifier** (from step 6) as the "Identifier". Click next.   - Paste and add the **Client Identifier** (from step 6) as the "Identifier". Click next.
   - Select the access control policy you'd like to use and click next.   - Select the access control policy you'd like to use and click next.
-  - Make sure the box next to "openid" is ticked. +  - Make sure the boxes next to "openid" and "allatclaims" are ticked. If the "allatclaims" scope is not present in the list, click the "New scope..." button to create it. This scope is needed for sending additional claims such as the user's groups as roles to Blocks after authentication. 
-  - Click the "New scope..." button in the bottom and and give it the name "allatclaims", click OK. This scope is needed for sending additional claims such as the user's groups as roles to Blocks after authentication. +
   - Finish the wizard.   - Finish the wizard.
  
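Review bot: merging the "openid" and "allatclaims" steps into one removes a list item, so every later step in this list is renumbered (the next hunk header already shifts from line 35 to line 34); any later text that refers to a step by number, in the style of "(from step 6)" used on the first line of this hunk, needs to be checked against the new numbering. The merged step also drops the "click OK" confirmation from the removed line, so consider ending the new-scope instruction with it, e.g. `...click the "New scope..." button, give it the name "allatclaims" and click OK.` The duplicated "and and" from the removed line is gone, which is an improvement.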
Line 35: Line 34:
 ====Blocks specific steps==== ====Blocks specific steps====
  
-  - Open your Blocks configuration file on your Blocks server and add the "auth" section below to the already existing "server" section. Replace the values of [BLOCKS-IP], [PROTOCOL], [ADFS-SERVER], [CLIENT-ID] and [CLIENT-SECRET]. [CLIENT-ID] and [CLIENT-SECRET] is the items copied and saved from the **Add a OpenID Connect configuration to ADFS** section above.+  - Open your Blocks configuration file on your Blocks server and add the "auth" section below to the already existing "server" section. Replace the values of [BLOCKS-DOMAIN-OR-IP], [PROTOCOL], [ADFS-SERVER], [CLIENT-ID] and [CLIENT-SECRET]. [CLIENT-ID] and [CLIENT-SECRET] is the items copied and saved from the **Add a OpenID Connect configuration to ADFS** section above.
     * <code>     * <code>
 server: server:
 +  type: pixilab_server
   auth:   auth:
     urlResolver: null     urlResolver: null
     ajaxRequestResolver: null     ajaxRequestResolver: null
-    callbackUrl: https://[BLOCKS-IP]/rest/auth/callback+    callbackUrl: http://[BLOCKS-DOMAIN-OR-IP]/rest/auth/callback
     rolesOwner: attributes     rolesOwner: attributes
     rolesPath: roles     rolesPath: roles
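Review bot: the callbackUrl line changes its scheme from `https://` to `http://`, which means the OIDC redirect carrying the authorization code back to Blocks would travel in clear text whenever the example is copied as-is; since the step text already lists [PROTOCOL] among the placeholders to replace, the example should use it, e.g. `callbackUrl: [PROTOCOL]://[BLOCKS-DOMAIN-OR-IP]/rest/auth/callback`, or keep `https://` and say so, and note that this value must match the redirect URI registered for the client in ADFS exactly, since the identity provider rejects a mismatch. Two smaller points: the new `type: pixilab_server` key under `server:` is added without explanation, so a sentence saying why it is required would help, and "[CLIENT-ID] and [CLIENT-SECRET] is the items" should read "are the items".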
Line 55: Line 55:
       security:       security:
         - matchers: internalMatcher         - matchers: internalMatcher
-        clients: OidcClient +          clients: OidcClient 
-        authorizers: isAuthenticated+          authorizers: isAuthenticated
 </code> </code>
   - Start Blocks and go to "/edit" for login.   - Start Blocks and go to "/edit" for login.
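Review bot: re-indenting `clients:` and `authorizers:` by two spaces puts them at the same level as `matchers:`, so all three now belong to the same list item under `security:`, which looks like the intended YAML structure and fixes what would otherwise have been a parse or configuration error; the trailing space after `OidcClient` is still present and could be removed in the same pass.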