Azure B2C integration with PHP - php

Hope you can help with this. We are building a new customer portal and would like to use Azure B2C for various reasons, including the need to interface with MS Dynamics CE. However, our tech stack is PHP, Slim to be precise.
Does anyone have experience of delivering a fully functioning production app with this configuration?
Would love to hear from you and have your assistance.
Please get in touch.
Thanks, Duong.

To deploy the PHP web application using Azure AD B2C, follow the steps below:
Install PHP and Laravel (a web framework).
Create a Web App in the Azure Portal B2C blade, noting the Client ID and Client Secret from the application.
Clone and customize the source code from GitHub: git clone https://github.com/Azure-Samples/active-directory-b2c-php-webapp-openidconnect.git
Download the latest version of the PHP security library in your repo.
To deploy into Azure, you need to set up the Deployment settings by selecting Local Git Repository and setting up the username and password for deployment.
The git init and git remote add azure [deployment url] commands are used to set up deployment to Azure.
Run git push azure master to deploy online.
Instead of depending on their own code, developers can rely on B2C for consumer sign up and sign in.
Using OpenID Connect, we can validate the authentication token of the users connected with the Azure B2C of the PHP Web Application.
Please refer to this GitHub article for code and more information.

I've implemented B2C integration on Azure with a Slim 4 application, what is it you need to know?
In short:
Set up B2C in Azure
Set up Client ID and Secret in external provider and store in Azure Key Vault
Create a middleware service that looks for the client token in requests for the routes you want to protect
I haven't written a blog about it yet, but expect one in March at www.azurephp.dev with a working example using Slim 4. In the meantime, I hope this short answer works for you. If not, ping me.
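The token check that both answers above depend on (validating the OpenID Connect token, and a middleware that looks for the token on protected routes), as an added example that is not code from either answer or from the linked sample. It assumes RS256-signed tokens and a signing key supplied as PEM; the function names, issuer, audience and key pair are constructed placeholders.

```php
<?php
// Added example: issuer, audience and key pair are constructed; a real app loads its provider's published key.
function b64url_encode(string $b): string { return rtrim(strtr(base64_encode($b), '+/', '-_'), '='); }
function b64url_decode(string $t): string {
    $t = strtr($t, '-_', '+/');
    return (string) base64_decode(str_pad($t, strlen($t) + (4 - strlen($t) % 4) % 4, '='), true);
}
function validate_bearer(?string $authz, string $pubPem, string $iss, string $aud, int $now): array {
    $re = '/^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\z/';
    if ($authz === null || !preg_match($re, $authz, $m)) {
        throw new RuntimeException('missing or malformed bearer token');
    }
    $header = json_decode(b64url_decode($m[1]), true);
    // Pin the algorithm server-side; never let the token choose it ("none", HMAC confusion).
    if (!is_array($header) || ($header['alg'] ?? '') !== 'RS256') {
        throw new RuntimeException('unexpected alg');
    }
    if (openssl_verify($m[1] . '.' . $m[2], b64url_decode($m[3]), $pubPem, OPENSSL_ALGO_SHA256) !== 1) {
        throw new RuntimeException('bad signature');
    }
    $c = json_decode(b64url_decode($m[2]), true);
    if (!is_array($c) || ($c['iss'] ?? null) !== $iss || ($c['aud'] ?? null) !== $aud) {
        throw new RuntimeException('wrong issuer or audience');
    }
    if (!is_int($c['exp'] ?? null) || $c['exp'] <= $now) {
        throw new RuntimeException('token expired');
    }
    return $c; // verified claims, safe to attach to the request
}
function make_token(array $claims, $key): string { // demo helper: signs a constructed token
    $in = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.' . b64url_encode(json_encode($claims));
    openssl_sign($in, $sig, $key, OPENSSL_ALGO_SHA256);
    return $in . '.' . b64url_encode($sig);
}
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
[$iss, $aud, $now] = ['https://idp.example/v2.0/', 'client-id-placeholder', time()];
$cases = [
    'valid'     => ['iss' => $iss, 'aud' => $aud, 'exp' => $now + 300, 'sub' => 'user-1'],
    'expired'   => ['iss' => $iss, 'aud' => $aud, 'exp' => $now - 1],
    'other app' => ['iss' => $iss, 'aud' => 'someone-else', 'exp' => $now + 300],
];
foreach ($cases as $name => $claims) {
    try {
        validate_bearer('Bearer ' . make_token($claims, $key), $pub, $iss, $aud, $now);
        echo "$name: accepted\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```

In a Slim 4 middleware the same function would be called with the request's Authorization header, returning 401 on any exception.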

Related

Azure portal Web Service PHP Monitoring

I wrote a simple Application in HTML with a form. I submit the form into a PHP file and insert the data into a database.
I created an App Service on Azure Portal + MySQL database
It took me a while to get the git Pipeline going (So Git - Azure Portal - deploying into a Webservice)
If I submit my form, the data will go to the database just fine.
Now I wanted to extend everything with a monitoring tool. So I tried Application Insights. But unfortunately, that doesn't work. If I understand it correctly it's because of the PHP file or to be exact the PHP stack runtime on Azure.
Is it possible to do the monitoring anyway somehow? I only have experience in PHP and HTML, and a little bit of Java and JavaScript.
Thanks.
I have deployed sample PHP App to Azure App Service.
So I tried Application Insights. But unfortunately, that doesn't work.
I have checked with both PHP 8.0 and 8.1 runtime version. The Application Insights option is disabled for PHP.
Thanks @Dmitry-Matveev for the Application Insights SDK.
Is it possible to do the monitoring anyway somehow?
Check the below steps to Monitor Azure PHP App Service.
Way 1:
Check the Logs under Monitoring.
Way 2:
Enable Application logging (File System).
Navigate to the Log stream to check the Live metrics.
Also, we can check the metrics section to monitor the App.

Authenticate a PHP application using Azure Active Directory connection

I work as an intern in my college and we want to build an app. Of course, our university has an active directory and we use Azure and Azure also has our AD. I am building the front-end and need to implement login using Azure AD SSO. How could I do that? Any help would be highly appreciated.
Thanks.
• You can refer to the code below to add the identity provider's authentication connection settings in the PHP application configuration files. The following code will help you to add a section to your existing PHP web app code in the authentication sources file to configure and provision SSO through Azure AD.
• Once the above code has been placed and configured in the PHP application, add the PHP application in app registrations in Azure AD, provide the web redirect URI for your PHP application, and provide the SSO configuration details in the SSO pane, like the federation metadata URL and the SAML or WS-Fed sign-in or sign-out URLs. Once done, check the code below for confirmation of the SAML endpoint URL for Azure AD configured in the PHP authentication config file.
• The snapshot below shows how the SAML token authentication is redirected to Azure AD and its configuration in the PHP app. It also shows how its attributes and claims are passed from Azure AD to the PHP app for service granting and authentication purposes.
Thus, in this way, you can configure a PHP application to authenticate with Azure AD through SSO. Please find the links below for more information:
https://channel9.msdn.com/Blogs/Open/Using-SimpleSAML-to-authenticate-PHP-applications-with-Azure-AD
https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-vs-authorization#web-application-to-web-api

How to use Firebase Auth Admin SDK via Rest Api?

We have been developing a multi platform project which will eventually have an Android app, an iOS app and a web application. We are impressed with the features offered by Google Firebase therefore trying to leverage the opportunities.
Since our product is a multitenant software-as-a-service application we have custom authentication requirements. Therefore we followed the custom authentication implementation path of Firebase and it is functional now.
Our mobile clients send login requests to our API server,
Our API server issues customTokens and responds with them back to the clients,
Clients call signInWithCustomToken(customToken) method to sign in to Firebase.
So far so good.
What the issue is, our backend is in PHP and Firebase doesn't have an official Admin SDK for PHP. Yes, there is a package called kreait/firebase-php on Composer however it is far away from covering all of the Auth Admin SDK features. For example, there is a documented disable-user feature which is available on Firebase Admin SDK, however that operation is not implemented on the kreait/firebase-php package.
On the other hand, Firebase has an Auth Rest API which just works with the API KEY. However, (I suppose) it is designed to work on the client side, therefore it just has operations for the authenticated user.
Our API server is already hosted on Google Compute Cloud and has the maximum set of access permissions on the Google Cloud services.
We have the Firebase service account file to work with the Firebase Auth services.
What we need is to consume all available Firebase Admin SDK features (possibly via Rest). For example, we would like to call revokeRefreshToken(uid) when a user changes his/her password on one of his/her devices.
Since at this specific issue there isn't any documentation, what would you advise us to do?
Update (25 January 2018)
The above-mentioned missing endpoints on the Firebase unofficial PHP Admin SDK are now implemented by the maintainer after a productive discussion on a GitHub issue. However, I would like to keep this question open since the nature of the question is asking for ideas for further collaboration and discussion.
Maintainer of said unofficial PHP SDK here :). You already have updated your original post to include that the SDK now supports the features that were missing.
I am posting this as a dedicated answer to be visible to people arriving here and searching for answers as well.
Although the Admin SDK for PHP is still not feature complete, we are getting there. I added a feature matrix to the README of the GitHub project so that you can quickly see what is available and what isn't.
Going forward, I will implement new features by either implementing things similarly to the official Admin SDKs (especially https://github.com/firebase/firebase-admin-node) and by using the existing libraries provided by the Google Cloud Platform Library.
At some point in the future, Google will certainly provide all the necessary building blocks to use Firebase efficiently with PHP, but until then, I am happy about every happy PHP developer using my library :).
FYI: I just released a new version (4.1.0) which includes support for Firebase Cloud Storage and did in fact use the google/cloud-storage for that.
I think you can use the Identity Toolkit libraries provided by Google. Here's the one for PHP: https://github.com/google/identity-toolkit-php-client

Connect to Azure Active Directory from PHP web application

Seeking guidance on the subject as I'm really stuck on this. I have an internal URL for an app made in PHP and I want to connect to Azure Active Directory.
So far I've reviewed an example from Microsoft using SimpleSAML but it's really outdated and I'm having trouble adapting it for the newer SimpleSAML code.
Is there a better way to integrate a web application with Azure AD? I read somewhere that I may use Get started with Mobile Services but I would like to hear from previous experiences on what is the best/current method for using Azure AD for login on PHP?
-- EDIT --
By integrate I mean to allow people authenticate and retrieve the email address or EmployeeID from the Azure AD to provide SSO support.
There are several scenarios Azure AD supports, depending on what you use Azure AD for. Basically, to access the resources via Azure AD from a PHP web application, you can refer to the Web Application to Web API section to understand this scenario and get started.
To integrate Azure AD in PHP web applications, we need to follow the authorization code grant flow steps to build several custom HTTP requests. E.g., to get an access token via the OAuth 2.0 protocol, we should refer to the steps in Authorization Code Grant Flow. Generally, we will build 2 HTTP requests to get an access token:
1. Request an authorization code
The built URL will redirect to the SSO page; after login we can get the code value which will be used in the next step.
2. Use the authorization code to request an access token
Then we can use the access token to add the JWT string with a "Bearer" designation in the Authorization header of the request to the resource web API.
Here is a PHP test project provided by Azure for your reference.
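The two requests described in the answer above, as an added example that is not taken from the answer or from the linked test project. It builds the authorization URL and the token request for the Azure AD v2.0 endpoints without sending anything, and adds the `state` check on the callback that the redirect step needs; the tenant, client ID, secret, redirect URI and function names are placeholders.

```php
<?php
// Added example: all identifiers below are placeholders, nothing is sent over the network.
const AUTHORITY = 'https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/v2.0';

// Request 1: the URL the browser is redirected to. $session stands in for $_SESSION.
function build_authorize_url(array $cfg, array &$session): string {
    $session['oauth_state'] = bin2hex(random_bytes(16)); // unguessable, tied to this session
    return AUTHORITY . '/authorize?' . http_build_query([
        'client_id'     => $cfg['client_id'],
        'response_type' => 'code',
        'redirect_uri'  => $cfg['redirect_uri'],
        'response_mode' => 'query',
        'scope'         => 'openid profile email',
        'state'         => $session['oauth_state'],
    ]);
}

// Request 2: built only after the callback's state matches the one we issued.
function build_token_request(array $cfg, array $query, array &$session): array {
    $expected = $session['oauth_state'] ?? '';
    unset($session['oauth_state']); // single use: a replayed callback fails
    $state = $query['state'] ?? '';
    if ($expected === '' || !is_string($state) || !hash_equals($expected, $state)) {
        throw new RuntimeException('state mismatch on callback');
    }
    if (isset($query['error']) || !is_string($query['code'] ?? null) || $query['code'] === '') {
        throw new RuntimeException('authorization was not granted');
    }
    return ['url' => AUTHORITY . '/token', 'body' => http_build_query([
        'grant_type'    => 'authorization_code',
        'client_id'     => $cfg['client_id'],
        'client_secret' => $cfg['client_secret'], // server-side POST body only, never in a redirect
        'code'          => $query['code'],
        'redirect_uri'  => $cfg['redirect_uri'],  // must equal the value sent in request 1
    ])];
}

$cfg = ['client_id' => 'CLIENT-ID-PLACEHOLDER', 'client_secret' => 'SECRET-PLACEHOLDER',
        'redirect_uri' => 'https://app.example/callback'];
$session = [];
echo build_authorize_url($cfg, $session), "\n";
$callback = ['code' => 'AUTH-CODE-PLACEHOLDER', 'state' => $session['oauth_state']];
print_r(build_token_request($cfg, $callback, $session));
try { // same callback replayed: the state was already consumed
    build_token_request($cfg, $callback, $session);
} catch (RuntimeException $e) {
    echo 'replay rejected: ', $e->getMessage(), "\n";
}
```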
We are migrating our AD to Azure AD and we would like to have SSO support for the internal web apps, so that when they log in to their PCs they use the Azure app proxy and they're signed in automatically on the PHP web apps. Is this possible?
@Vladimir, based on my experience, it is possible. There are some scenarios you can refer to. You may need to use Azure AD Connect to sync your local AD to Azure AD, and enable Azure AD SSO to integrate with your PHP application in your scenario.
Firstly, if you want to integrate your on-premises AD with Azure AD, you should use the tool Azure AD Connect, which is used to sync your AD into Azure AD. Please see these tutorials and video. For this action, you need to have the IT administrator permission.
Secondly, you need to use Federated Single Sign-On and other methods for your application on Azure Portal. You may need to configure your PHP application like this video: https://channel9.msdn.com/Blogs/Open/Using-SimpleSAML-to-authenticate-PHP-applications-with-Azure-AD.
And if you want to get the users' information, you may need to use Azure Graph API as in Gary's post.

Moodle Integration with a PHP project of mine

I've been developing a project using PHP that my students use to take quizzes (that Moodle can't do itself). Now I would like to integrate Moodle and my project such that my project authenticates against Moodle users and reports grades into a course's gradebook. I've so far been authenticating using direct database reading but I'm very hesitant to do writes to the Moodle database. I'm also aware of LTI; I am open to using it but the human readable documentation and any samples are impossible to find. If you could provide me a sample or documentation that's less theory and more applicable for LTI it would be greatly appreciated.
Thanks in advance.
To do this you need to use the Web Services API. You need to setup a web service first, see Using web services. The entire API documentation is available on your Moodle site via Administration > Plugins > Web services > API Documentation.
You need to use moodle's External Tool, which is created precisely for this kind of uses. External tool uses LTI in the background to send user, course, role etc information to an external application and the external application can even send back scores to moodle if configured as a quiz.
Check out : https://docs.moodle.org/23/en/External_tool
You will also have to make your quiz-taking app an LTI provider.
This open source package is an out-of-the-box package to create an LTI provider in Ruby - https://github.com/instructure/ims-lti
There are similar tools in other languages too, but this one is the most polished one.
