@vrabbi
Created April 18, 2023 10:02
Tanzu Application Platform AzureAD authentication

1. AzureAD Authentication Provider

To allow GUI authentication to Tanzu Application Platform via AzureAD, we will implement the AzureAD Authentication Provider for Backstage.

1.1. Create an OAuth App on AzureAD

To add AzureAD authentication, you must create either an AzureAD App or an OAuth App from the AzureAD developer settings. The Homepage URL should point to Backstage's frontend, while the Authorization callback URL will point to the auth backend.

Settings for local development:

  1. Application name: TAP-Backstage (or your custom app name)
  2. Homepage URL: http://DOMAIN-NAME
  3. Authorization callback URL: http://DOMAIN-NAME/api/auth/github/handler/frame

1.2. Auth Configuration

tap-gui:
  app_config:
    auth:
      environment: development
      providers:
        microsoft:
          development:
            clientId: ${AUTH_MICROSOFT_CLIENT_ID}
            clientSecret: ${AUTH_MICROSOFT_CLIENT_SECRET}
            tenantId: ${AUTH_MICROSOFT_TENANT_ID}

Where:

  1. clientId: Application (client) ID, found on App Registration > Overview.
  2. clientSecret: Secret, found on App Registration > Certificates & secrets.
  3. tenantId: Directory (tenant) ID, found on App Registration > Overview.
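
A pre-flight check for the three values above, run before they are substituted into the tap-gui config. This is an added example, not part of the original gist; it assumes the values are exported under the variable names used in the config block, and the function name `check_microsoft_auth` and the sample values are made up for illustration.

```python
import os
import re
import uuid

# Environment variable names taken from the app_config block above.
REQUIRED = ("AUTH_MICROSOFT_CLIENT_ID", "AUTH_MICROSOFT_CLIENT_SECRET",
            "AUTH_MICROSOFT_TENANT_ID")
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")
# Constructed sample (not real identifiers): the secret here is GUID-shaped on purpose.
SAMPLE = {"AUTH_MICROSOFT_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
          "AUTH_MICROSOFT_TENANT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
          "AUTH_MICROSOFT_CLIENT_SECRET": "99999999-8888-7777-6666-555555555555"}


def is_guid(value):
    """True if value is a canonical 8-4-4-4-12 hex GUID."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_microsoft_auth(env):
    """Return a list of problems (empty list = OK). Never echoes the values."""
    problems = []
    for name in REQUIRED:
        value = env.get(name, "")
        if not value:
            problems.append(f"{name}: not set")
        elif PLACEHOLDER.search(value):
            problems.append(f"{name}: unresolved ${{...}} placeholder")
        elif value != value.strip():
            problems.append(f"{name}: leading or trailing whitespace")
    if problems:
        return problems
    client_id, tenant_id = env[REQUIRED[0]], env[REQUIRED[2]]
    if not is_guid(client_id):
        problems.append(f"{REQUIRED[0]}: not a GUID")
    if not is_guid(tenant_id):
        problems.append(f"{REQUIRED[2]}: not a GUID")
    if client_id.lower() == tenant_id.lower():
        problems.append("client ID and tenant ID are identical")
    if is_guid(env[REQUIRED[1]]):
        # The portal lists a GUID "Secret ID" next to each secret "Value";
        # only the Value works as clientSecret.
        problems.append(f"{REQUIRED[1]}: looks like a Secret ID, not the Value")
    return problems


if __name__ == "__main__":
    for line in check_microsoft_auth(os.environ) or ["ok"]:
        print(line)
```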