Developers Club geek daily blog

1 year, 8 months ago
All Microsoft Office 365 (business) users authenticate through Microsoft Azure AD. When a new user (email) is added in Office 365, a corresponding record is automatically created in Microsoft Azure AD.

Here I describe how Microsoft Azure AD can be used to authenticate Ubuntu 14.04 users, that is, how to set up SSO between Ubuntu and Microsoft Azure AD/Office 365.

1. Preliminary requirements


  • A Microsoft Azure AD / Office 365 (business) account
  • An Ubuntu server with an Internet connection

2. Microsoft Azure AD setup


To start, open the Microsoft Azure Portal at manage.windowsazure.com, or in Office 365 go to the menu -> Admin -> Azure AD.
Then open the required Active Directory branch (if you do not use a complex AD branching structure, there will be only one entry).

Authorization in Ubuntu through Microsoft Azure AD/Office 365

Select "Applications":

Add a new application by clicking "Add":

Select "Add an application my organization is developing":

Think of a clear name that describes what this authentication method will be used for (for example, "Linux Test Servers"), enter it in the "Name" field, and select the application type "Native Client Application".

On the next page you are asked to enter a "Redirect URI". Any URI-like value will do, since this field does not affect anything in this case.

The AD application is created! Next, click "Configure".

Note down the value of the "Client ID" field; it will be needed later.

3. Ubuntu 14.04 setup


Log in to the server over SSH (in this case as the user user123, who is allowed to run sudo commands):

Switch to root and install git:

sudo su -
apt-get install git

Clone the git repository github.com/bureado/aad-login:

git clone https://github.com/bureado/aad-login

Enter the cloned directory, create the directory /opt/aad-login, copy aad-login.js and package.json to /opt/aad-login/, and copy aad-login to /usr/local/bin/:

cd aad-login/
mkdir -p /opt/aad-login
cp aad-login.js package.json /opt/aad-login/
cp aad-login /usr/local/bin/

Enter the directory /opt/aad-login/ and install npm:

cd /opt/aad-login/
apt-get install npm

Install the required npm components:

npm install

Edit the ./aad-login.js file:

Set the directory variable to the domain name you use in Microsoft Azure AD/Office 365, and clientid to the Client ID value obtained earlier on the Microsoft Azure AD portal:

Edit the file /etc/pam.d/common-auth:

Add the pam_exec call so that it is the first in the list:

auth sufficient pam_exec.so expose_authtok /usr/local/bin/aad-login

Install nodejs:

apt-get install nodejs

Remove the outdated node package and create the symbolic link /usr/bin/node -> /usr/bin/nodejs:

apt-get --purge remove node
ln -s /usr/bin/nodejs /usr/bin/node

Create the users who are allowed to log in (no password needs to be set). The login of each such user has to match the email alias. For example, create the user support, whose email is support@aspanta.onmicrosoft.com.

useradd -m support

Everything is ready!

Try to log in as the created user with the password set in Microsoft Azure AD/Office 365.
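A sanity check for the setup above, as an added example that is not part of the original article or the aad-login project. It verifies that the pam_exec rule really is the first auth rule in common-auth, and that nothing under the helper paths is writable by group or others, since for SSH logins sshd runs the helper as root and expose_authtok passes it the user's password on stdin. The function names are hypothetical; the paths are the ones used in the article.

```shell
#!/bin/sh
# Added example: checks for the pam_exec setup described in this article.
# Function names are hypothetical; the paths are the ones the article uses.

# Print the first active "auth" rule of a PAM file (comment lines never match).
first_auth_rule() {
    awk '$1 == "auth" { print; exit }' "$1"
}

# Succeed only if that first rule is the article's pam_exec line: control
# "sufficient", option expose_authtok, helper /usr/local/bin/aad-login.
aad_rule_is_first() {
    first_auth_rule "$1" | awk '
        $2 == "sufficient" && $3 == "pam_exec.so" {
            for (i = 4; i <= NF; i++) {
                if ($i == "expose_authtok") tok = 1
                if ($i == "/usr/local/bin/aad-login") helper = 1
            }
        }
        END { exit ((tok && helper) ? 0 : 1) }'
}

# List files under the given paths that group or others may write to.
# The helper receives the password, so it and everything in /opt/aad-login
# (including node_modules) should be writable by root only.
loosely_writable() {
    find "$@" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Run both checks; return non-zero if either one finds a problem.
# Usage: audit_aad_login PAM_FILE PATH...
audit_aad_login() {
    pam_file=$1; shift
    rc=0
    aad_rule_is_first "$pam_file" ||
        { echo "FAIL: aad-login is not the first auth rule in $pam_file"; rc=1; }
    bad=$(loosely_writable "$@") || rc=1
    [ -z "$bad" ] || { echo "FAIL: writable by group/others:"; echo "$bad"; rc=1; }
    return $rc
}

# On a configured host, as root:
#   audit_aad_login /etc/pam.d/common-auth /usr/local/bin/aad-login /opt/aad-login
```

Because the rule's control is "sufficient", a successful helper run ends the auth stack immediately, which is why its position and the integrity of the helper files are worth checking before relying on the login.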

This article is a translation of the original post at habrahabr.ru/post/274249/