Developers Club geek daily blog

1 year, 3 months ago
All Microsoft Office 365 (business) users are authenticated through Microsoft Azure AD. When a new user (email) is added in Office 365, the corresponding record is created automatically in Microsoft Azure AD.

Earlier I described how Microsoft Azure AD can be used to authenticate users of Ubuntu 14.04, that is, how to set up SSO with Microsoft Azure AD/Office 365 in Ubuntu. Now I will describe how to do the same in CentOS 7.

1. Preliminary requirements


  • A Microsoft Azure AD / Office 365 (business) account
  • A CentOS server with an Internet connection
  • SELinux "Enforcing" mode has to be turned off on the CentOS server

2. Microsoft Azure AD setup


First, create a stand-alone application in Microsoft Azure AD so that the system is permitted to process authentication requests. I described how to do this in full in section 2 of habrahabr.ru/post/274249

3. CentOS 7 setup


Log in to the server over SSH (in this case as the user user123, who is allowed to run sudo commands), switch to root and install epel-release
sudo su -
yum install epel-release

Authorization in CentOS through Microsoft Azure AD/Office 365

Install git, npm and nodejs
yum install git npm nodejs

Clone the git repository github.com/bureado/aad-login
git clone https://github.com/bureado/aad-login

Enter the cloned directory, create the directory /opt/aad-login, copy aad-login.js and package.json to /opt/aad-login/, and copy aad-login to /usr/local/bin/
cd aad-login/
mkdir -p /opt/aad-login
cp aad-login.js package.json /opt/aad-login/
cp aad-login /usr/local/bin/

Enter the directory /opt/aad-login/ and install the required npm components
cd /opt/aad-login/
npm install

Edit the ./aad-login.js file

Set the directory variable to the domain name you use in Microsoft Azure AD/Office 365, and clientid to the Client ID value ("Client code") obtained earlier on the Microsoft Azure AD portal

Edit the file /etc/pam.d/sshd (and/or /etc/pam.d/system-auth if necessary)

Add a pam_exec call so that it is the first in the list
auth sufficient pam_exec.so expose_authtok /usr/local/bin/aad-login

Create the users who are allowed to log in (no password needs to be set). The login of each such user has to match the email alias. For example, create the user support, whose email is support@aspanta.onmicrosoft.com.
useradd support

Everything is ready!
Try to log in as the created user with the password set in Microsoft Azure AD/Office 365.
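
A post-install check for the steps above, added here as an example and not part of the original post or of the aad-login project. It confirms that the pam_exec rule is the first auth rule in a PAM file and lists group- or world-writable files among the paths that rule runs; the function names are hypothetical and the sample PAM file is constructed.

```sh
#!/bin/sh
# Added example: post-install checks for the pam_exec setup in this article.
# Function names are hypothetical; paths are the ones the article uses.

# Exit 0 if the first auth rule in PAM file $1 is the aad-login pam_exec rule,
# 1 if another auth rule (or a different form of it) comes first, 2 if the
# file has no auth rules at all. Commented-out lines are ignored.
aad_login_is_first() {
    awk '
        $1 == "auth" || $1 == "-auth" {
            found = 1
            ctl = ($2 == "sufficient" && $3 == "pam_exec.so")
            tok = 0; cmd = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "expose_authtok") tok = 1
                if ($i == "/usr/local/bin/aad-login") cmd = 1
            }
            exit !(ctl && tok && cmd)
        }
        END { if (!found) exit 2 }
    ' "$1"
}

# Print every file or directory under the given paths that is group- or
# world-writable. With expose_authtok the command run by pam_exec reads the
# user's password on stdin, so nothing it executes should be editable by
# other accounts. Symlinks are skipped because their mode bits are not used.
writable_by_others() {
    find "$@" ! -type l \( -perm -020 -o -perm -002 \) -print
}

# Constructed sample, not a real /etc/pam.d/sshd.
sample=$(mktemp)
printf '%s\n' '#%PAM-1.0' \
    'auth sufficient pam_exec.so expose_authtok /usr/local/bin/aad-login' \
    'auth substack password-auth' > "$sample"
if aad_login_is_first "$sample"; then
    echo "pam_exec aad-login rule is the first auth rule"
fi
rm -f "$sample"

# On a configured host:
#   aad_login_is_first /etc/pam.d/sshd
#   writable_by_others /usr/local/bin/aad-login /opt/aad-login
```

Because the rule is marked sufficient, a failed aad-login result does not end authentication: PAM continues with the auth rules that follow it.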

This article is a translation of the original post at habrahabr.ru/post/274255/