CompanyOnwership_icon
MS Login Connector Team
Created on 17 October 2019
icon_unfollowing
Login to follow
microsoft-login-connector-reactive

Microsoft Login Connector Reactive

Stable version 1.0.12 (Compatible with OutSystems 11)
Uploaded on 16 Mar (13 days ago) by 
MS Login Connector Team
microsoft-login-connector-reactive

Microsoft Login Connector Reactive

Documentation
1.0.11

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Microsoft Login Connector Package:

The Microsoft Logon Connector (hereafter MLC) can only be used when all needed components are installed. These are;


You either need to install MLC Reactive or MLC Web

 

What is the Microsoft Login Connector

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the MLC you need to perform a few steps in Azure and in the MLC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering Connector Application on Azure and Office 365
  2. Adding the Azure AD application to the MLC Configuration
  3. Configuring authentication in Reactive application


Registering Connector Application on Azure and Office 365

To register the connector application on open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and select. You should see the below screen.

NB in the screen shots below use the callback https://<YourOutsystemsServer>/MSLoginConnectorReactive/CallbackPage rather than https://<YourOutsystemsServer>/MSLoginConnector/CallbackPage

Select New registration indicated by the plus symbol, getting the below (obviously with your organization being shown were Davies March is showing)

Provide a name, maybe something like 'Microsoft Auth for OutSystems' and set a redirect URI as https://<your outSystems Server>/MicrosoftLoginConnector/Callback.aspx.

and hit register giving a record like the below

The client ID you will need to enter into your application is just below the display name.

To generate the secret, select certificates & secrets in the second menu from the left.

Select new client secret

Select how long you want the secret to last for and give it a name. This will generate the secret you need to add into your application.

Make sure you copy or note your secret as it will be stared out the next time you return to it and will need to generate a new one.


Adding the Azure AD application to the MLC Configuration:

The first step you need to do if give yourself the Administrator role of the Microsoft Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application via https://<OutSystems environment URL> /MicrosoftLoginConnectorManagement. You should see the following screen after authentication.


Follow these steps to add the Azure AD application created in the first step;

  1. Click on New in the Application section
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. Open the Espace tab
  6. Select all the espaces / components that will be authentication with this Azure AD application.
    Note: An espace can only be attached to one Azure AD application

This concludes this step.


Configuring authentication in Reactive application:

To configure your Reactive application to make use of the MLC follow these steps;

  1. Open the Login screen
  2. Remove the container containing the following fields
    - Username
    - Password
    - Remember me
    - Forget password?
  3. Open the Login action from the Login screen and perform the following actions;
    a. Remove the actions “DoLogin and FeedbackMessageClose from the flow
    b. Add the client action GetOAuth2AuthenticationURL from the MicrosoftLoginConnectorReactive component into the flow
    c. Fill in at least the following details in this action;
    -- EspaceName. This needs to be the name of the current component.
    -- oAuthProviderId. Entities.OAuthProvider.AzureAd in this example.
    -- Change the input variable “URL” of the widget RedirectToURL to GetOAuth2AuthenticationURL.AuthenticationURL
    d. The result should look like this;
  4. Remove all unneeded variables and actions in the Login screen
    - Username
    - Password
    - Remember
    - ForgotPassword
  5. Open the UserInfo block
  6. Open the action ClientLogin and change the following;
    a. Remove all widgets except Start and the “redirect to the login screen” widget;
    b. The result should look like this;
  7. Open the action ClientLogout and change the following;
    a. Remove all widgets except Start
    b. Add the server action GetOauth2LogoutURL from the MicrosoftLoginConnectorReactive component into the flow.
    -- Configure the property “EspaceNameToReturnTo” with the current component name.
    c. Add the User_Logout server action from the Users component into the flow
    -- This will cause a warning about double server actions in one client action. You can choose to ignore this warning or create a wrapper for these two actions if needed.
    d. Add a Redirect widget into the flow
    -- Configure the property URL to GetOauth2LogoutURL.LogoutURL

Now you should have a working authentication with the configured application in Azure AD.

This concludes this step.


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

Should you get (in)frequent 404 page not found errors for the CallbackPage after logging in you need to do the following steps;

1. Install the Factory Configuration application and open this application on your environment(s)

2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"

3. Fill in a name and optionally a description

4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

5. In the tab "eSpaces" search for microsoftloginconnector

6. Select "MicrosoftLoginConnector" and/or "MicrosoftLoginConnectorReactive"

7. Select the newly created Shared Configuration in the dropdown and click on "Associate Shared Configuration"

8. Republish the Microsoft Login Connector components via Service Center



1.0.9

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles. 

If you are building in a traditional web experience or older version of OutSystems then you may want to use this version of the connector.

https://www.outsystems.com/forge/component-overview/3275/microsoft-login-connector


What is the Microsoft Login Connector

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request.This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.



Registering Connector Application on Azure and Office 365

To register the connector application on open up your azure portal  at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials.  In the search bar at the top of the screen type in 'App Registration' and select.  You should see the below screen.

NB in the screen shots below use the callback  https://<YourOutsystemsServer>/MSLoginConnectorReactive/CallbackPage rather than https://<YourOutsystemsServer>/MSLoginConnector/CallbackPage

Select  New registration indicated by the plus symbol, getting the below (obviously with your organisation being shown were Davies March is showing)


Provide a name, maybe something like 'Microsoft Auth for OutSystems' and set a redirect URI  as https://<your outSystems Server>/MicrosoftLoginConnector/Callback.aspx.


and hit register giving a record like the below

The client ID you will need to enter into your application is just below the display name.

To generate the secret select certificates & secrets in the second menu from the left.

select new client secret

Select how long you want the secret to last for and give it a name. This will generate the secret you need to add into your application.

Make sure you copy or note your secret as it will be stared out the next time you return to it and will need to generate a new one.


Azure AD Managing Outsystems Roles

If you are looking to AD to manage the roles synchronising them to your OutSystems instance then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles

 

Solution: 404, page not found with the CallbackPage

Should you get (in)frequent 404 page not found errors for the CallbackPage after logging in you need to do the following steps;

1. Install the Factory Configuration application and open this application on your environment(s)

2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"

3. Fill in a name and optionally a description

4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

 5. In the tab "eSpaces" search for microsoftloginconnector

6. Select "MicrosoftLoginConnector" and/or "MicrosoftLoginConnectorReactive"

7. Select the newly created Shared Configuration in the dropdown and click on "Associate Shared Configuration"

8. Republish the Microsoft Login Connector components via Service Center


Support options
This asset is not supported by OutSystems. You may use the discussion forums to leave suggestions or obtain best-effort support from the community, including from  who created this asset.
Dependencies
See all 2 dependencies