Here I will describe how Microsoft Azure AD can be used to log users in to Ubuntu 14.04, that is, how to get SSO with Microsoft Azure AD/Office 365 on Ubuntu.
1. Preliminary requirements
- A Microsoft Azure AD / Office 365 (business) account
- An Ubuntu server with Internet access
2. Microsoft Azure AD setup
First, open the Microsoft Azure Portal at manage.windowsazure.com, or in Office 365 go to the menu -> Admin -> Azure AD.
Then open the required Active Directory directory (if you do not use a complex directory structure, there will be only one entry).
Select "Applications":
Add a new application by clicking "Add":
Select "Add an application my organization is developing":
Come up with a descriptive name for what this login method will be used for (for example, "Linux Test Servers"), enter it in the "Name" field, and select the "Native Client Application" type.
The next page asks for a "Redirect URI". Any URI-like value can be entered, since in this case this field has no effect.
The AD application has been created. Next, click "Configure".
Note down the value of the "Client ID" field; we will need it later.
3. Ubuntu 14.04 setup
Log in to the server over SSH (in this case as the user user123, who is allowed to run sudo commands):
Switch to root and install git:
sudo su -
apt-get install git
Clone the git repository github.com/bureado/aad-login:
git clone https://github.com/bureado/aad-login
Enter the cloned directory, create the directory /opt/aad-login, copy aad-login.js and package.json into /opt/aad-login/, and copy aad-login into /usr/local/bin/:
cd aad-login/
mkdir -p /opt/aad-login
cp aad-login.js package.json /opt/aad-login/
cp aad-login /usr/local/bin/
Enter the directory /opt/aad-login/ and install npm:
cd /opt/aad-login/
apt-get install npm
Install the required npm components:
Edit the file ./aad-login.js:
Set the directory variable to the domain name used in your Microsoft Azure AD/Office 365, and clientid to the Client ID value obtained earlier on the Microsoft Azure AD portal:
Edit the file /etc/pam.d/common-auth:
Add a pam_exec call so that it is the first entry in the list:
auth sufficient pam_exec.so expose_authtok /usr/local/bin/aad-login
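As an added example (not part of the original post), a small POSIX shell script that checks the result of this step: pam_exec runs the helper as root and, because of expose_authtok, hands it the typed password on stdin, so the line should come first and the helper should be writable only by root. The helper path /usr/local/bin/aad-login is the one used above; the file names in the check functions are parameters.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for the pam_exec
# line in /etc/pam.d/common-auth and the helper it runs. pam_exec executes the
# helper as root and (with expose_authtok) writes the user's password to its
# stdin, so a helper that anyone else can modify would run arbitrary code as
# root on every login.

# Print the first non-comment "auth" line of a PAM config file ($1).
first_auth_line() {
    grep -E '^[[:space:]]*auth[[:space:]]' "$1" | head -n 1
}

# Succeed only if the first auth line of PAM file $1 is the pam_exec entry:
# marked "sufficient", passing the password via expose_authtok, and pointing
# at the helper path given as $2.
check_pam_order() {
    line=$(first_auth_line "$1")
    case "$line" in
        *sufficient*pam_exec.so*expose_authtok*"$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if an octal mode string (as printed by "stat -c %a", e.g. 755
# or 4755) has neither the group nor the other write bit set.
mode_is_root_only_writable() {
    group=$(( (0$1 / 8) % 8 ))
    other=$(( 0$1 % 8 ))
    [ $(( group & 2 )) -eq 0 ] && [ $(( other & 2 )) -eq 0 ]
}

# Succeed only if helper $1 is a regular file owned by root with a safe mode.
check_helper_perms() {
    [ -f "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "0" ] || return 1
    mode_is_root_only_writable "$(stat -c '%a' "$1")"
}

# Usage on the server after the edit: both checks should succeed.
# check_pam_order /etc/pam.d/common-auth /usr/local/bin/aad-login && echo "PAM line ok"
# check_helper_perms /usr/local/bin/aad-login && echo "helper permissions ok"
```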
Install nodejs:
apt-get install nodejs
Remove the outdated node package and create the symbolic link /usr/bin/node pointing to /usr/bin/nodejs:
apt-get --purge remove node
ln -s /usr/bin/nodejs /usr/bin/node
Create the users who are allowed to log in (no password needs to be set). The login of such a user has to match the email alias. For example, create the user support, whose email is email@example.com:
useradd -m support
Everything is ready!
Try to log in as the created user with the password set in Microsoft Azure AD/Office 365.
This article is a translation of the original post at habrahabr.ru/post/274249/