Give us feedback
azure-ad-login-connector
Service icon

Azure AD Login Connector

Stable version 1.4.0 (Compatible with OutSystems 11)
Uploaded on 17 July 2023 by 
5.0
 (1 rating)
azure-ad-login-connector

Azure AD Login Connector

Documentation
1.5.2

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.5.1

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.5.0

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.4.0

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.3.1

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.3.0

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.2.0

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.0.1

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.


1.0.0

Purpose:

This module provides the reactive web blocks to build a login workflow that uses Microsoft services to authenticate the user and grant roles.

 

Components:

Install this package with the demo in order to receive a UI starter kit which includes a management UI and a reactive callback screen you can copy into another application to handle callbacks.

When you download the component and the demo, you will install two apps:

  • Azure AD Login Connector
  • Azure AD Login Connector Demo


The first contains all the logic required to implement authorization code flows. The second contains an administrative tool and a screen you should copy into another application to handle callbacks from Azure AD.

What is the Azure AD Login Connector?

All Microsoft Cloud Services including Office 365, Dynamics 365, Sharepoint among others, are protected by an OAuth authentication from Azure Active Directory. Azure AD is the identity provider, responsible for verifying the identity of users and applications that exist in an organization’s directory, and ultimately issuing security tokens upon successful authentication of those users and applications. Each external application needs to be register on Azure AD to be request an OAuth access token that will be included on each REST API request. This connector tries to abstract the complexity of the OAuth authentication needed in the authorization process to all other REST APIs from Microsoft.


Configuration

To make use of the AALC you need to perform a few steps in Azure and in the AALC Management application. When this is done you can then add authentication to your application.

The steps, in order, are;

  1. Registering your application in Azure
  2. Configuring the app registration in the AALC Management application
  3. Configuring authentication in your Reactive application


Registering Connector Application on Azure

To register your application, open up your azure portal at https://portal.azure.com. If you have an office 365 package you can login to azure using your office 365 admin credentials. In the search bar at the top of the screen type in 'App Registration' and navigate to the service. You should see the below screen:

Click on "New registration"

Fill in the information specified in the above screenshot and click "Register."

The above screen will be displayed. On this screen you can find your Application (client) ID and your Directory (tenant) ID. You will need this information later to configure OAuth in your application. You can find both values under the Essentials header.

Also in the above screenshot, you will see a menu link highlighted in red. Click on Certificates & secrets to generate a client secret. You will also need this to configure your application later.


Click on New client secret to generate a new client secret to be used by your application.



A new window will appear as in the above screenshot. Give your client secret a name and your desired expiration time.



In the ensuing screen, you will see your newly generated client secret. Make sure to copy the value somewhere secure immediately as it will no longer be available once you leave this screen.

Once you are done, you are done registering your application for a simple authorization code flow! The next step is to configure the application in the management app.


Adding the Azure AD application to the AALC Configuration:

The first step you need to do if give yourself the OauthAdministrator role of the Azure AD Login Connector Management application. You can do this via the OutSystems users application.

When this done you can log into the application. You should see the following screen:



Follow these steps to add the Azure AD application created in the first step:

  1. Click on the Add Application button.
  2. In the sidebar that has opened we will fill in the following details on the Details Tab. All these details can be retrieved from the created Azure AD application;
    - Tenant Id
    - Client Id
    - Client Secret
  3. We also fill in a Description
  4. Click on SAVE
  5. You will then see the application appear in the table, as seen in the screenshot below:


Open the configuration back up by clicking on the description. Navigate to the Espaces tab in the window that opens:



In here you will need to attach the UI module of the espace you want to secure using OAuth. You can search and select which one you want in the dropdown:



Once your Espace is attached, you have minimally configured the application to support a basic authorization code flow! Now we can move on to actually implementing authorization in our application.


Configuring authentication in Reactive application:

To configure your Reactive application to make very basic use of the AALC component:

  1. Open your security exception handler
  2. Replace the security exception flow to perform a simple redirect with the output of the CreateAuthenticationURL action
    • There should also be a check on GetUserId() in which you take the user to the InvalidPermissions screen if a user is already logged in as this means authentication has been done but the user lacks sufficient privilege to access the screen that threw the exception.
  3. Fill out the inputs and refer to the description of each to know what purpose they serve and what to put in them
  4. The flow should look something like this:

  1. Open the UserInfo block
  2. Open your logout action
  3. Create a flow that redirects the user to the output URL of
  4. It should look something like this:


This should provide your application with a very basic authorization code flow!


Azure AD Managing OutSystems Roles

If you are looking to AD to manage the roles synchronizing them to your OutSystems instance, then this article explains how to setup the roles on the Azure AD side.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-azure-ad-app-roles


Solution: 404, page not found with the CallbackPage

This error occurs when the URL length is limited on your platform or in IIS. For this reason, this component will not work in personal environments. However, in enterprise environments you can use the following steps to increase this maximum length:

  1. Install the Factory Configuration application and open this application on your environment(s)
  2. In the tab "Shared Configuration" create a new Shared Configuration of kind "web.config_XSL"
  3. Fill in a name and optionally a description
  4. Add the following Value and Save the configuration

<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0"
xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
<xsl:output method="xml" indent="yes" encoding="UTF-8"/>
<xsl:template match="@*|node()">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
</xsl:copy>
</xsl:template>
<xsl:template match="/configuration/system.webServer/security/requestFiltering">
<xsl:copy>
<xsl:apply-templates select="@*|node()"/>
<requestLimits maxUrl="4096" maxQueryString="2048"/>
</xsl:copy>
</xsl:template>
</xsl:stylesheet>

Apply the configuration to all espaces that contain your callback screens or just to all espaces in your environment. You will need to do this in all your environments.