DecisionsDev
diff --git a/‎.github/workflows/check-links.yml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/check-links.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎authentication/AzureAD/README.md
Lines changed: 47 additions & 497 deletions b/‎authentication/AzureAD/README.md
Lines changed: 47 additions & 497 deletions
diff --git a/‎authentication/AzureAD/README_WITH_CLIENT_SECRET.md
Lines changed: 506 additions & 0 deletions b/‎authentication/AzureAD/README_WITH_CLIENT_SECRET.md
Lines changed: 506 additions & 0 deletions
diff --git a/‎authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md
Lines changed: 468 additions & 0 deletions b/‎authentication/AzureAD/README_WITH_PRIVATE_KEY_JWT.md
Lines changed: 468 additions & 0 deletions
diff --git a/‎authentication/AzureAD/azuread-odm-script.zip
4.23 KB b/‎authentication/AzureAD/azuread-odm-script.zip
4.23 KB
diff --git a/‎authentication/AzureAD/generateTemplateForPrivateKeyJWT.sh
Lines changed: 78 additions & 0 deletions b/‎authentication/AzureAD/generateTemplateForPrivateKeyJWT.sh
Lines changed: 78 additions & 0 deletions
diff --git a/‎authentication/AzureAD/images/AddRDCallback.png
368 KB b/‎authentication/AzureAD/images/AddRDCallback.png
368 KB
diff --git a/‎authentication/AzureAD/images/AddURI.png
229 KB b/‎authentication/AzureAD/images/AddURI.png
229 KB
diff --git a/‎authentication/AzureAD/templates_for_privatekeyjwt/OdmOidcProviders.json
Lines changed: 14 additions & 0 deletions b/‎authentication/AzureAD/templates_for_privatekeyjwt/OdmOidcProviders.json
Lines changed: 14 additions & 0 deletions
diff --git a/‎authentication/AzureAD/templates_for_privatekeyjwt/openIdParameters.properties
Lines changed: 8 additions & 0 deletions b/‎authentication/AzureAD/templates_for_privatekeyjwt/openIdParameters.properties
Lines changed: 8 additions & 0 deletions
@@ -11,12 +11,12 @@ jobs:
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - uses: technote-space/get-diff-action@v6
         with:
           PATTERNS: |
             **/**.md
-      
+
       - uses: gaurav-nelson/github-action-markdown-link-check@v1
         with:
           use-quiet-mode: 'yes'
 
@@ -0,0 +1,78 @@
+#!/bin/bash
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+export AZUREAD_CLAIM_GROUPS="groups"
+export AZUREAD_CLAIM_LOGIN="loginName"
+OUTPUT_DIR=./outputPKeyJWT
+TEMPLATE_DIR=./templates_for_privatekeyjwt
+
+function usage {
+  cat <<EOF
+Usage: $(basename "$0") [-<option letter> <option value>] [-h]
+
+Options:
+
+-g : AZUREAD ODM Group ID
+-i : Client ID
+-n : AZUREAD domain (AZUREAD server name)
+-a : Allow others domains (Optional)
+Usage example: $0 -i AzureADClientId -n <Application ID (GUID)> -g <GROUP ID (GUID)> [-a <domain name>]"
+EOF
+}
+
+while getopts "x:i:n:s:g:ha:" option; do
+    case "${option}" in
+        g) AZUREAD_ODM_GROUP_ID=${OPTARG};;
+        i) AZUREAD_CLIENT_ID=${OPTARG};;
+        n) AZUREAD_SERVER_NAME=${OPTARG};;
+        a) ALLOW_DOMAIN=${OPTARG};;
+        h) usage; exit 0;;
+        *) usage; exit 1;;
+    esac
+done
+
+if [[ -z ${AZUREAD_ODM_GROUP_ID} ]]; then
+  echo "AZUREAD_ODM_GROUP_ID has to be provided, either as in environment or with -g."
+  exit 1
+fi
+if [[ -z ${AZUREAD_CLIENT_ID} ]]; then
+  echo "AZUREAD_CLIENT_ID has to be provided, either as in environment or with -i."
+  exit 1
+fi
+if [[ -z ${AZUREAD_SERVER_NAME} ]]; then
+  echo "AZUREAD_SERVER_NAME has to be provided, either as in environment or with -n."
+  exit 1
+fi
+
+if [[ ${AZUREAD_SERVER_NAME} != "https://.*" ]]; then
+  AZUREAD_SERVER_URL=https://login.microsoftonline.com/${AZUREAD_SERVER_NAME}
+else
+  AZUREAD_SERVER_URL=${AZUREAD_SERVER_NAME}
+fi
+
+mkdir -p $OUTPUT_DIR && cp $TEMPLATE_DIR/* $OUTPUT_DIR
+echo "Generating files for AZUREAD"
+sed -i.bak 's|AZUREAD_CLIENT_ID|'$AZUREAD_CLIENT_ID'|g' $OUTPUT_DIR/*
+sed -i.bak 's|AZUREAD_ODM_GROUP_ID|'$AZUREAD_ODM_GROUP_ID'|g' $OUTPUT_DIR/*
+sed -i.bak 's|AZUREAD_SERVER_URL|'$AZUREAD_SERVER_URL'|g' $OUTPUT_DIR/*
+# Claim replacement
+sed -i.bak 's|AZUREAD_CLAIM_GROUPS|'$AZUREAD_CLAIM_GROUPS'|g' $OUTPUT_DIR/*
+sed -i.bak 's|AZUREAD_CLAIM_LOGIN|'$AZUREAD_CLAIM_LOGIN'|g' $OUTPUT_DIR/*
+if [ ! -z "$ALLOW_DOMAIN" ]; then
+  sed -i.bak 's|login.microsoftonline.com|'login.microsoftonline.com,$ALLOW_DOMAIN'|g' $OUTPUT_DIR/*
+fi
+rm -f $OUTPUT_DIR/*.bak
@@ -0,0 +1,14 @@
+{
+    "providers": [
+      {
+          "name": "azure_ad",
+          "grantType": "client_credentials",
+          "clientAssertionAliasName": "myodmcompany",
+          "authorizationURL": "AZUREAD_SERVER_URL/oauth2/v2.0/authorize",
+          "tokenURL": "AZUREAD_SERVER_URL/oauth2/v2.0/token",
+          "scope": "AZUREAD_CLIENT_ID/.default",
+          "clientId": "AZUREAD_CLIENT_ID",
+          "logoutURL": "AZUREAD_SERVER_URL/oauth2/v2.0/logout"
+      }
+    ]
+}
@@ -0,0 +1,8 @@
+OPENID_SERVER_URL=AZUREAD_SERVER_URL
+OPENID_PROVIDER=azure_ad
+OPENID_AUTHORIZATION_URL=AZUREAD_SERVER_URL/oauth2/v2.0/authorize
+OPENID_TOKEN_URL=AZUREAD_SERVER_URL/oauth2/v2.0/token
+OPENID_CLIENT_ID=AZUREAD_CLIENT_ID
+OPENID_CLIENT_ASSERTION_ALIAS_NAME=myodmcompany
+OPENID_LOGOUT_URL=AZUREAD_SERVER_URL/oauth2/v2.0/logout
+OPENID_ALLOWED_DOMAINS=login.microsoftonline.com