How-to: Retrieving information for Windows Azure Active Directory and Auth0
Introduction
This document describes the steps to retrieve the information for Windows Azure Active Directory and Auth0.
Note:
- This document is only relevant to the controlled release participants.
- This is not available for Exact Cloud customers.
Scope
This document describes the following:
- Retrieving the information for Windows Azure Active Directory.
- Retrieving the information for Auth0.
Retrieving the information for Windows Azure Active Directory
This section describes where and how you can retrieve the necessary information when using Windows Azure Active Directory. Firstly, go to https://manage.windowsazure.com.
Authority
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- Check the value displayed at WS-FEDERATION SIGN-ON ENDPOINT.
- The Authority value is the WS-FEDERATION SIGN-ON ENDPOINT value without the “wsfed” part, but including the trailing slash. For example, the WS-FEDERATION SIGN-ON ENDPOINT value is “https://login.microsoftonline.com/99a15be7-1abe-4bed-a8d0-e3521bcb4cfe/wsfed”, and the Authority value is “https://login.microsoftonline.com/99a15be7-1abe-4bed-a8d0-e3521bcb4cfe/”.
Keep in mind: The Authority value does not include “wsfed” but it requires the trailing slash.
Authorization Endpoint
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- Copy the value at OAUTH 2.0 AUTHORIZATION ENDPOINT.
Token Endpoint
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- Copy the value at OAUTH 2.0 TOKEN ENDPOINT.
Resource / APP URI ID / Allowed Audience / Audience URI / Realm
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click the application to open it.
- Click Expose an API.
- The value at Application ID URI is the Resource, APP URI ID, Allowed Audience, Audience URI, or the Realm value.
Client ID (Native)
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click the Native application to open it.
- The value at Application (client) ID is the Client ID.
Client ID (Web)
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click the Web app / API application to open it.
- The value at Application (client) ID is the Client ID.
Client secret
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click the Web app / API application to open it.
- Click Certificates & secrets.
- Click New client secret.
- Type “ClientSecret” at Description.
- Select Never at Expires.
- Click Add.
- Copy the value at Value. The value will be your client secret.
Note:
- The value is available only after Add is clicked. Remember to copy the value. If you have lost the value, delete the existing key, and create the key again.
- Client secret is only needed when using the OAuth 2.0 protocol. When using SAML, this is not needed.
Thumbprint
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- Copy the value at FEDERATION METADATA DOCUMENT and open it in a new browser window.
- Locate the first <X509Data><X509Certificate> element, and copy the value.
- Paste it in Notepad or Notepad++. Ensure that you do not paste extra characters, such as spaces.
- Save the file with the *.cer extension, for example, “key1.cer”.
- Double-click the .cer file saved in the previous step.
- Open the Details tab.
- Scroll down and select the Thumbprint row.
- Copy the value and remove all spaces.
- Convert the value to uppercase. This can be done in Microsoft Word via the Change case function in the Home tab.
- You do not have to install the certificate and can close the certificate screen and delete the file with the .cer extension.
Keep in mind: If you highlight and copy the value, you may be copying some hidden characters. Remove the hidden characters by deleting the value from the beginning, and retyping the value.
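The thumbprint shown in the Windows certificate dialog is the SHA-1 hash of the certificate's DER bytes, so the steps above can also be scripted, which avoids the copy/paste and hidden-character problem. The following is an added example, not part of the original Exact document; the function names are this example's own, and the sample metadata uses constructed placeholder bytes instead of real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"


def first_certificate_der(metadata_xml: str) -> bytes:
    """Decode the first <X509Data><X509Certificate> in document order."""
    root = ET.fromstring(metadata_xml)
    for data in root.iter(DSIG + "X509Data"):
        cert = data.find(DSIG + "X509Certificate")
        if cert is not None and cert.text:
            # Drop line breaks and spaces; any other stray character
            # (e.g. a zero-width space) makes b64decode raise instead of
            # silently producing a different thumbprint.
            b64 = "".join(cert.text.split())
            return base64.b64decode(b64, validate=True)
    raise ValueError("no X509Certificate element found")


def thumbprint(der: bytes) -> str:
    """SHA-1 of the DER bytes as uppercase hex without spaces."""
    return hashlib.sha1(der).hexdigest().upper()


# Constructed sample: placeholder bytes stand in for real DER certificates.
CERT_A = b"constructed placeholder for signing certificate A"
CERT_B = b"constructed placeholder for signing certificate B"


def sample_metadata(first: bytes, second: bytes) -> str:
    """Build a minimal metadata document holding two certificates."""
    def key_info(der: bytes) -> str:
        b64 = base64.b64encode(der).decode()
        wrapped = b64[:20] + "\n      " + b64[20:]  # mimic wrapped text
        return ("<ds:KeyInfo><ds:X509Data><ds:X509Certificate>" + wrapped +
                "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>")
    return ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
            'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            + key_info(first) + key_info(second) + "</EntityDescriptor>")


if __name__ == "__main__":
    print(thumbprint(first_certificate_der(sample_metadata(CERT_A, CERT_B))))
```

For real use, pass the saved content of the FEDERATION METADATA DOCUMENT to `first_certificate_der` and compare the result with the Thumbprint row of the certificate dialog.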
Metadata
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- The value at FEDERATION METADATA DOCUMENT is the Metadata value.
WS Fed Issuer
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- Check the value displayed at WS-FEDERATION SIGN-ON ENDPOINT.
- The WS-Fed issuer value is the WS-FEDERATION SIGN-ON ENDPOINT value. For example, “https://login.microsoftonline.com/99a15be7-1abe-4bed-a8d0-e3521bcb4cfe/wsfed”.
SAML Issuer Name
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click Endpoints.
- Check the value displayed at WS-FEDERATION SIGN-ON ENDPOINT.
- The SAML Issuer Name value is the WS-FEDERATION SIGN-ON ENDPOINT value without the “wsfed” part, but including the trailing slash and a different first part of the URL. For example, the WS-FEDERATION SIGN-ON ENDPOINT value is “https://login.microsoftonline.com/99a15be7-1abe-4bed-a8d0-e3521bcb4cfe/wsfed”, and the SAML Issuer Name value is “https://sts.windows.net/99a15be7-1abe-4bed-a8d0-e3521bcb4cfe/”.
Keep in mind: The SAML Issuer Name value does not include “wsfed” but it requires the trailing slash and a different first part of the URL.
Reply
- Go to Azure Active Directory.
- Click the active directory.
- Click App registrations.
- Click the application to open it.
- Click Authentication.
- This is your Reply value.
Note: The value should be in lowercase and should include the trailing slash, for example “http://domain/synergy/”.
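The Authority, WS Fed Issuer, SAML Issuer Name and Reply values all follow fixed rules, and a missing trailing slash or a wrong host is easy to overlook when copying by hand. The following added example (not part of the original Exact document) derives the three issuer-related values from the WS-FEDERATION SIGN-ON ENDPOINT and checks a set of entered values against the rules above. The function names and the deliberately wrong sample settings are constructed for illustration; the endpoint is the one used in this document.

```python
from urllib.parse import urlsplit


def derive_from_wsfed(endpoint: str) -> dict:
    """Derive the values this document bases on the WS-Fed sign-on endpoint."""
    parts = urlsplit(endpoint)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https" or len(segments) != 2 or segments[1] != "wsfed":
        raise ValueError("expected https://<host>/<directory id>/wsfed")
    directory_id = segments[0]
    return {
        "WS Fed Issuer": endpoint,
        "Authority": f"https://{parts.netloc}/{directory_id}/",
        "SAML Issuer Name": f"https://sts.windows.net/{directory_id}/",
    }


def check_settings(endpoint: str, settings: dict) -> list:
    """Return a list of problems; an empty list means all rules are met."""
    problems = []
    for name, want in derive_from_wsfed(endpoint).items():
        got = settings.get(name)
        if got != want:
            problems.append(f"{name}: expected {want!r}, got {got!r}")
    reply = settings.get("Reply", "")
    if reply != reply.lower():
        problems.append("Reply: must be lowercase")
    if not reply.endswith("/"):
        problems.append("Reply: must end with a trailing slash")
    return problems


# Endpoint as shown in this document.
SAMPLE_ENDPOINT = ("https://login.microsoftonline.com/"
                   "99a15be7-1abe-4bed-a8d0-e3521bcb4cfe/wsfed")

# Constructed sample with typical copy mistakes: no trailing slash on the
# Authority, wrong host for the SAML Issuer Name, mixed-case Reply.
SAMPLE_SETTINGS = {
    "WS Fed Issuer": SAMPLE_ENDPOINT,
    "Authority": SAMPLE_ENDPOINT[:-len("/wsfed")],
    "SAML Issuer Name": SAMPLE_ENDPOINT[:-len("wsfed")],
    "Reply": "http://Domain/Synergy",
}

if __name__ == "__main__":
    for problem in check_settings(SAMPLE_ENDPOINT, SAMPLE_SETTINGS):
        print(problem)
```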
Retrieving the information for Auth0
This section describes where and how you can retrieve all the necessary values when using Auth0. Firstly, go to https://manage.auth0.com/.
Authority
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Refer to the Domain field, which is the Authority value.
Authorization Endpoint
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Click Show Advanced Settings.
- Click the Endpoints tab.
- Copy the value at OAuth Authorization URL.
Client ID
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Refer to the Client ID field.
Client Secret
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Copy the value at Client Secret.
Auth0 connection
- Go to Clients and click the hyperlink to open the client.
- Click the Connections tab.
- Refer to the connection that is being used. The name of the connection is the value of Auth0 Connection.
SAML Issuer Name
- Go to Clients and click the hyperlink to open the client.
- Click the Addons tab.
- Click WS-FED WEB APP.
- On the Addon: WS-Fed (WIF) Web App page, click the Usage tab.
- The value displayed at Issuer is the SAML Issuer Name value.
Thumbprint
- Go to Clients and click the hyperlink to open the client.
- Click the Addons tab.
- Click WS-FED WEB APP.
- On the Addon: WS-Fed (WIF) Web App page, click the Usage tab.
- The value displayed at Signing Certificate Thumbprint is your thumbprint value.
WS Fed Issuer
- Go to Clients and click the hyperlink to open the client.
- Click the Addons tab.
- Click WS-FED WEB APP.
- On the Addon: WS-Fed (WIF) Web App page, click the Usage tab.
- The value at the Issuer attribute for the <wsFederation> tag under the Windows Identity Foundation Configuration (.NET 4.5) section is your WS-Fed issuer value.
JWT Issuer Name
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Refer to the Domain field, which is the Authority value. The JWT Issuer Name is “https://” followed by the Authority value and a trailing slash, for example https://synergy-rt.auth0.com/.
Allowed Audience
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Refer to the Client ID field, which is the Allowed Audience value.
Realm
- Go to Clients and click the hyperlink to open the client.
- Click the Addons tab.
- Click WS-FED WEB APP.
- On the Addon: WS-Fed (WIF) Web App page, click the Settings tab.
- The value displayed at Realm is the Realm value.
Audience URI
- Go to Clients and click the hyperlink to open the client.
- Click the Addons tab.
- Click WS-FED WEB APP.
- On the Addon: WS-Fed (WIF) Web App page, click the Settings tab.
- The value displayed at Realm is the Audience URI value.
Metadata
- Go to Clients and click the hyperlink to open the client.
- Click the Addons tab.
- Click WS-FED WEB APP.
- On the Addon: WS-Fed (WIF) Web App page, click the Usage tab.
- The value displayed at Identity Provider Federation Metadata URL is the Metadata value.
Reply
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Refer to the Allowed Callback URLs field, which is your Reply value.
Note: The value should be in lowercase and should include the trailing slash, for example “http://domain/synergy/”.
Token Endpoint
- Go to Clients and click the hyperlink to open the client.
- Click the Settings tab.
- Click Show Advanced Settings.
- Click the Endpoints tab.
- Copy the value at OAuth Token URL.
Main Category: Attachments & notes
Document Type: Online help main
Security level: All - 0
Document ID: 27.788.106
Assortment: Exact Synergy Enterprise
Date: 20-03-2020