
That's what all the stuff at the end of https://github.com/NZTA/SDLT/blob/master/app/_config/auth.yml is for

app/_config/auth.yml

---
Name: azure_auth
---
SilverStripe\Core\Injector\Injector:
  Bigfork\SilverStripeOAuth\Client\Factory\ProviderFactory:
    properties:
      providers:
        'ActiveDirectory': '%$AzureProvider'
  AzureProvider:
    class: 'TheNetworg\OAuth2\Client\Provider\Azure'
    constructor:
      Options:
        # Taken from the "Application ID" ; Azure AD => App Registrations => {App}
        clientId: '`AZURE_CLIENT_ID`'
        # Create from Azure AD => App registrations => {App} => Settings => Keys
        clientSecret: '`AZURE_CLIENT_SECRET`'
        # From Azure AD => Properties => Directory ID
        tenant: '`AZURE_TENANT_ID`'
        # Add in Azure AD => App registrations => {App} => Reply URLs
        redirectUri: '`AZURE_OAUTH_CALLBACK`'
Bigfork\SilverStripeOAuth\Client\Authenticator\Authenticator:
  providers:
    'ActiveDirectory':
      name: 'NZTA'
      scopes: ['offline_access User.Read']
---
Name: oauth_properties
---
Bigfork\SilverStripeOAuth\Client\Mapper\GenericMemberMapper:
  mapping:
    'ActiveDirectory':
      'Email': 'upn'
      'FirstName': 'given_name'
      'Surname': 'family_name'
---
Name: app-auth-reset
After:
  - '#oauthauthenticator'
---
SilverStripe\Core\Injector\Injector:
  SilverStripe\Security\Security:
    properties:
      Authenticators: null
---
Name: app-auth
After:
  - '#app-auth-reset'
---
SilverStripe\Core\Injector\Injector:
  SilverStripe\Security\Security:
    properties:
      Authenticators:
        oauth: '%$Bigfork\SilverStripeOAuth\Client\Authenticator\Authenticator'

Yeah, if you copy mine verbatim it won't work... @kinglozzer updated the BigFork OAuth module with documentation after I raised this with him 🙂


ah, right, there's some other fuckery afoot in the YML files if I recall


Not sure about the saml authenticator, but the oauth one removes the default authenticator, so that block effectively adds it back in if the cookie is set to 1


yep, we needed to bypass an oauth authenticator


Do you just need the cookie based bypass?


sympathies friend, I'm feeling the same 😄


If there isn't I can raise one 🙂
