且构网

Sharing the things programmers run into when developing software...

How do I set up SSO with Azure AD and our back end (Strapi)?

Updated: 2023-01-08 21:32:46


Reference

I am wondering if anyone has done this before,

I have an Azure Active Directory, and I host the front end of our app in IIS. The back end is controlled by pm2. How can I set up SSO with Azure AD and our back end Strapi?

Thank you for any help

Strapi natively supports Microsoft SSO.

You must act on three fronts: Azure Portal, Strapi Admin, Frontend App

1 - AZURE Portal: (create application, configure, get params)

1.1 Create application, go to the App registrations site and register an app

1.2 Click New Registration

1.3 Fill in the form as shown in the screenshot below

1.3.1 In "Supported account types" set the Multitenant option (in Strapi, single tenant is not supported by default; if you need to set single tenant you must create a custom provider, but multitenant is ok)

1.3.2 In the Redirect URI field, put "Web" and

/connect/microsoft/callback

(i.e. http://localhost:1337/connect/microsoft/callback or your Strapi production URL https://mystrapiexample.com/connect/microsoft/callback)

1.3.3 Register and go to next page

1.4 Go to the "Authentication" page of your registered App (left menu) to enable the implicit grant flow (Access tokens)

1.5 Go to the "Certificates and secrets" page of your registered App (left menu) to create a "New client secret" and note the value; you will use it when you configure the provider on Strapi.

1.6 Also note the "Application (client) ID" in the Overview page; you will use it when you configure the provider on Strapi

2 - STRAPI ADMIN: (create application, configure, get params)

2.1 Go to "Roles and Permissions" > Providers > Microsoft

2.2 Set Enable to "ON" and enter the clientId and secret that you got in the previous steps (1.5 and 1.6)

2.3 Set the redirect URI to your front-end app, which gets and redirects the Microsoft access_code (this step will be clearer later)

3 - FRONTEND APP:

Ready? At this point the flow begins: the user starts jumping between pages to complete the authentication and obtain a Strapi JWT to make requests as an authenticated user.

3.1 Create a link in your frontend application to the Strapi Microsoft sign-in endpoint

/connect/microsoft

(i.e. http://localhost:1337/connect/microsoft or your Strapi production URL https://mystrapiexample.com/connect/microsoft)

3.2 Strapi redirects the user to the Microsoft authentication page; on success the user is redirected back to Strapi with a Microsoft access_code (this step is transparent for you)

3.3 Strapi redirects the access_code to the frontend URL set in 2.3, which must redirect (with the access_code) to the Strapi auth page

/auth/microsoft/callback

(i.e. http://localhost:1337/auth/microsoft/callback or your Strapi production URL https://mystrapiexample.com/auth/microsoft/callback)

3.4 At this point Strapi creates its own JWT token, which is returned to the frontend application; the frontend can store it (in localStorage, sessionStorage, ...) to make requests to the Strapi endpoints.
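The front-end half of steps 3.1 to 3.4, as an added example written for this page (it is not the answer author's code and not code from Strapi). It assumes the v3-style paths used in the answer (`/connect/microsoft`, `/auth/microsoft/callback`), that Strapi hands the Microsoft token to the front end as the `access_token` query parameter and that `/auth/microsoft/callback` answers `{ jwt, user }`, as described in Strapi's provider documentation; `STRAPI_URL` and the landing URL are placeholders, and the `fetch` implementation is injected so that the example runs offline against a constructed stub instead of a live Strapi.

```javascript
// Added example for steps 3.1-3.4 of the answer; not from the answer or from Strapi.
// Assumptions: STRAPI_URL is a placeholder; Strapi passes the provider token to the
// front end as ?access_token=... and /auth/:provider/callback returns { jwt, user }.

const STRAPI_URL = 'http://localhost:1337'; // assumption: local Strapi from the answer
const PROVIDER = 'microsoft';

// Step 3.1: the sign-in link. Allow-list the provider so nothing user-controlled
// can steer the browser to an arbitrary /connect/... path.
const ALLOWED_PROVIDERS = new Set([PROVIDER]);

function buildConnectUrl(strapiUrl, provider) {
  if (!ALLOWED_PROVIDERS.has(provider)) {
    throw new Error(`provider not allow-listed: ${provider}`);
  }
  return `${strapiUrl}/connect/${provider}`;
}

// Step 3.3: Strapi lands the browser on the redirect URL from step 2.3 with the
// Microsoft token in the query string. Read it from the full URL and fail loudly
// if it is missing rather than calling the callback with an empty token.
function extractAccessToken(landingUrl) {
  const token = new URL(landingUrl).searchParams.get('access_token');
  if (!token) throw new Error('redirect URL carries no access_token');
  return token;
}

// Build /auth/<provider>/callback?access_token=... with proper URL encoding.
function buildCallbackUrl(strapiUrl, provider, accessToken) {
  const url = new URL(`${strapiUrl}/auth/${provider}/callback`);
  url.searchParams.set('access_token', accessToken);
  return url.toString();
}

// Steps 3.3-3.4: exchange the Microsoft token for Strapi's own JWT. fetchImpl is
// window.fetch in the browser; the stub below stands in for it offline.
async function exchangeForStrapiJwt(fetchImpl, strapiUrl, provider, landingUrl) {
  const accessToken = extractAccessToken(landingUrl);
  const res = await fetchImpl(buildCallbackUrl(strapiUrl, provider, accessToken));
  if (!res.ok) throw new Error(`Strapi callback rejected the token (HTTP ${res.status})`);
  const body = await res.json();
  if (typeof body.jwt !== 'string' || !body.user) {
    throw new Error('unexpected callback response shape');
  }
  return body; // { jwt, user }
}

// Step 3.4: the Strapi JWT goes in the Authorization header of later requests.
function authHeaders(jwt) {
  return { Authorization: `Bearer ${jwt}` };
}

// Constructed stand-in for a Strapi server so the example runs without one:
// it accepts exactly one known token and rejects everything else with HTTP 400.
function fakeStrapiFetch(url) {
  const u = new URL(url);
  const ok = u.pathname === `/auth/${PROVIDER}/callback`
    && u.searchParams.get('access_token') === 'ms-token-123';
  return Promise.resolve({
    ok,
    status: ok ? 200 : 400,
    json: () => Promise.resolve(ok
      ? { jwt: 'header.payload.signature', user: { id: 1, email: 'alice@example.com' } }
      : { error: 'invalid access_token' }),
  });
}

// Demo (Node): simulate arriving on the front-end redirect URL after step 3.2.
if (typeof window === 'undefined') {
  const landing = 'http://localhost:3000/connect/microsoft/redirect?access_token=ms-token-123';
  exchangeForStrapiJwt(fakeStrapiFetch, STRAPI_URL, PROVIDER, landing)
    .then(({ jwt, user }) => console.log(user.email, authHeaders(jwt)))
    .catch((err) => { console.error(err.message); process.exitCode = 1; });
}
```

In a real front end, replace `fakeStrapiFetch` with `window.fetch` and `landing` with `window.location.href` on the page registered in step 2.3. The returned `jwt` is a bearer credential for your Strapi API: sessionStorage limits its exposure to the current tab, whereas anything in localStorage is readable by any script that runs on that origin, so keep the storage choice in mind when deciding how much third-party script the front end loads.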
