...

  • Log in to the Azure Entra Admin Center (https://entra.microsoft.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade/quickStartType~/null/sourceType/Microsoft_AAD_IAM) with an administrative account.

  • If not already there, choose from the left menu “Identity” → “Applications” → “App registrations”.


  • Click on “New registration”.

  • On the new page, enter an arbitrary name for the App registration - for example “yuuvis RAD OAuth2”.

  • Choose the Account type - the default / first selection is ok if you plan to authenticate only with users of this Entra ID tenant. Otherwise choose one of the other options.

  • In the “Redirect URI” menu, choose “Web” and enter the URL of the yuuvis RAD gateway (instance) that you want to use with OAuth2, postfixed with “/login/oauth2/code/azure” - for example https://yuuvis.mycompany.com/login/oauth2/code/azure.

  • Click on “Register”.


  • The overview page of the new app registration is shown. Save the “Application (client) id” and the “Directory (tenant) id” for later use.

  • Also save the “issuer URI” https://login.microsoftonline.com/<Directory (tenant) id>/v2.0 for later use. Replace <Directory (tenant) id> with the ID saved in the previous step.


  • Click on the left menu entry “Certificates and secrets” and click on “New client secret”.

  • In the new dialog, enter an arbitrary name for the secret - for example “yuuvis RAD OAuth2 Client Secret” - and choose an expiry interval. Then click “Add”.

  • Save the value of the newly created secret for later use.
    (Attention: You can only copy the value now. Later on it will be hidden and you cannot access it anymore.)


  • Click on the left menu entry “Authentication”.

  • If you have multiple addresses for the yuuvis RAD gateway, then you can (optionally) add these URIs to the list of Redirect URIs now - always postfix with “/login/oauth2/code/azure”.

  • Under the “Front-Channel Logout URL” title, enter the URL of the logout endpoint of the gateway. By default this is “/logout”, so the URL would be, for example, https://yuuvisrad.optimal-systems.de/logout.

  • Tick the checkbox “ID tokens (used for implicit and hybrid flows)”.

  • Click on Save.


  • Finished.

  • Proceed with the gateway configuration - you will need the issuer-uri, the client id (Application (client) id) and the client secret (the value of the created secret).
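
As a pre-flight check for the values collected in the steps above, this added example (not part of the original page or of yuuvis RAD) derives the issuer URI, redirect URIs and front-channel logout URL from a tenant ID and gateway base URLs, and rejects input that Entra ID would refuse or that would not match the registered URI exactly. The function names and the sample tenant ID are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Path suffixes taken from the steps above; "/logout" is the gateway default.
REDIRECT_SUFFIX = "/login/oauth2/code/azure"
LOGOUT_SUFFIX = "/logout"
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def check_gateway_base(base):
    """Return a list of problems with one gateway base URL (empty list = OK)."""
    u = urlsplit(base)
    if not u.hostname:
        return [f"{base!r}: not an absolute URL"]
    problems = []
    if u.scheme != "https" and u.hostname != "localhost":
        problems.append(f"{base!r}: redirect URIs must use https unless the host is localhost")
    if u.query or u.fragment:
        problems.append(f"{base!r}: base URL must not carry a query string or fragment")
    if len(base.rstrip("/") + REDIRECT_SUFFIX) > 256:
        problems.append(f"{base!r}: redirect URI exceeds 256 characters")
    return problems


def derive_values(tenant_id, gateway_bases):
    """Build the values to register and configure; raise ValueError on bad input."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant id is not a GUID (placeholder still in place?)")
    problems = [p for b in gateway_bases for p in check_gateway_base(b)]
    if problems:
        raise ValueError("; ".join(problems))
    # Strip trailing slashes so the result matches the registered URI exactly.
    bases = [b.rstrip("/") for b in gateway_bases]
    issuer = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    return {
        "issuer_uri": issuer,
        "discovery_url": issuer + "/.well-known/openid-configuration",
        "redirect_uris": [b + REDIRECT_SUFFIX for b in bases],
        # Assumption: the first gateway address is used for the logout URL.
        "front_channel_logout_url": bases[0] + LOGOUT_SUFFIX,
    }


if __name__ == "__main__":
    # Constructed sample values, not a real tenant.
    values = derive_values("00000000-0000-0000-0000-000000000000",
                           ["https://yuuvis.mycompany.com/"])
    for key, value in values.items():
        print(key, "=", value)
```
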

...