
How to configure Azure AD to work with Sitecore Identity Server?

Sitecore Asked by Corey Burnett on August 23, 2021

I am trying to set up Sitecore 9.1.1 Identity Server to act as a Federation Gateway with Azure AD as described at https://doc.sitecore.com/developers/91/sitecore-experience-management/en/use-the-sitecore-identity-server-as-a-federation-gateway.html.

What isn’t clear to me is how to register the Sitecore site in Azure AD. I am assuming that in Azure AD you have to configure a Redirect URI or some sort of Reply URL to tell Azure AD where to go after successful authentication. The Sitecore documentation doesn’t really specify.

In the Sitecore documentation it links you to this for configuring Azure AD (https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-openid-connect-code). In that documentation it says "Provide the Redirect URI. For Web Applications, this is the base URL of your app where users can sign in." That leads me to believe that the Redirect URI should be https://[SI Server Host Name]/account/login since that is the page I go to when I want to log in. However the Sitecore documentation also mentions this URI – https://[SI Server Host Name]/signin-oidc. I have no idea at all what that /signin-oidc thing is as when I try to go to that on my Identity Server I get a 404 error.

Does anyone know exactly what I should put in ADFS for the Redirect URI? Also the Sitecore documentation mentions the ReplyURLs setting in the Application Manifest. Although it isn't clear what they mean by that, I am guessing they mean the Application Manifest in the Azure AD setup.

2 Answers

To register Sitecore site in Azure AD:

  1. Navigate to 'App registrations' under your Azure AD module.
  2. Click on 'New Registration', give this app a valid name and select the organization tenant.
  3. Enter the Sitecore Identity Server URL (append /signin-oidc) in the 'Redirect URI' field.

I've noted down all the steps in detail to configure Azure AD with Sitecore Identity Server; you can have a look here:
https://sitecorewithraman.wordpress.com/2021/01/01/sitecore-cms-azure-ad-integration/

Answered by Raman Gupta on August 23, 2021

I figured out the problem I was having. It turns out that the steps laid out in this post are exactly correct (https://sitecore.derekc.net/setting-up-azure-active-directory-integration-with-sitecore-identity-server-sitecore-9-1/). What was happening for some reason is that after authentication on the Azure AD instance, Azure AD was sending a GET request to https://[SI Server Host Name]/signin-oidc. My guess is that the controller on the Identity Server is only set up to accept a POST, not a GET. So it was returning a 404 since no MVC route matched a GET request. I can't quite figure out why the Identity Server was receiving a GET request. This was all happening on an on-prem 9.1.1 instance that lives on the client's network. I was able to set up a completely separate 9.1.1 instance in Azure and it worked great authenticating against the exact same Azure AD instance. So that tells me there is something wrong with the on-prem 9.1.1 instance or maybe the client's network that was causing the POST from Azure AD to somehow become just a GET - which then caused the 404 error.

Answered by Corey Burnett on August 23, 2021
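Both answers come down to two things to verify before blaming the network: the redirect_uri that Identity Server sends to Azure AD must match the /signin-oidc reply URL registered in the app registration exactly, and the authorization request must ask for response_mode=form_post, since with the default query mode Azure AD returns the code on a GET rather than a POST. The following check is an added example, not code from the page or from Sitecore; the host name, tenant and client IDs, and the sample authorize URL are constructed placeholders, and you would paste in the real URL captured from the browser's redirect to login.microsoftonline.com.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample values (not from the page): the reply URL registered in the
# Azure AD app and an authorization request like the one Identity Server emits.
REGISTERED_REPLY_URL = "https://si.example.com/signin-oidc"

SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/authorize"
    "?client_id=CLIENT-ID-PLACEHOLDER&response_type=code"
    "&redirect_uri=https%3A%2F%2Fsi.example.com%2Fsignin-oidc"
    "&response_mode=form_post&scope=openid%20profile&state=abc&nonce=xyz"
)


def check_authorize_request(url: str, registered_reply_url: str) -> list:
    """Return a list of problems found in an OIDC authorize request; empty means OK."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    problems = []

    redirect = q.get("redirect_uri", "")
    # Azure AD compares the reply URL as a whole (scheme, host, port, path), so a
    # trailing slash or http/https mismatch is enough to fail the registration check.
    if redirect != registered_reply_url:
        problems.append(f"redirect_uri {redirect!r} != registered {registered_reply_url!r}")
    if urlsplit(redirect).path.rstrip("/") != "/signin-oidc":
        problems.append("redirect_uri path is not /signin-oidc")

    if q.get("response_type") != "code":
        problems.append("response_type is not 'code' (authorization code flow expected)")
    # Without response_mode=form_post the code comes back on the query string of a
    # GET to /signin-oidc instead of in a POST body.
    if q.get("response_mode") != "form_post":
        problems.append("response_mode is not form_post; callback would arrive as a GET")

    # state and nonce bind the callback to this login attempt (CSRF/replay protection).
    for param in ("state", "nonce"):
        if param not in q:
            problems.append(f"missing {param} parameter")
    return problems


if __name__ == "__main__":
    for problem in check_authorize_request(SAMPLE_AUTHORIZE_URL, REGISTERED_REPLY_URL):
        print("PROBLEM:", problem)
```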
