mod_sts lets you set up Apache as an API gateway. There are currently no prebuilt binaries available, so the module has to be built from source. The following instructions can be used to build and install this module into Apache on Ubuntu 18.
- The v2 endpoints have been renamed to the Microsoft Identity Platform and should be the preferred integration route for new apps. They are fully OAuth2/OIDC compliant.
- The common endpoint can be used for multi-tenant apps, which can sign in users with personal accounts and/or multiple Azure AD directories:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
- The above endpoint serves a login page where you can sign in with all Microsoft identities (personal, school, work).
Auth0 can pass extra, explicitly whitelisted parameters through to upstream IdPs. This feature can be used to pass an initial screen/page hint to the upstream IdP; only parameters that have been whitelisted on the connection are forwarded, so an app cannot inject arbitrary query parameters into the upstream authorize request.
- PATCH the custom OAuth connection to whitelist the upstream parameter and alias it to a standard incoming parameter:
curl -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IlFqVTVRVEpEUmpnd09UUXpOVGxFUlVZeFJURTRNams0TVRFMlFUUkVNVGxGTlRsRE5VWXlRUSJ9." -X PATCH -H "Content-Type: application/json" -d '{"options":{"upstream_params":{"initial_page":{"alias":"login_hint"}}}}' "https://{domain}.auth0.com/api/v2/connections/{id}"
- You can now pass the initial page as the standard login_hint value on /authorize, and Auth0 translates it to the configured outgoing parameter (initial_page here) when it redirects to the upstream IdP.
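The round trip described above, as an added example that is not Auth0's code or code from the original notes: it builds the Management API PATCH body, builds the app's normal OIDC /authorize URL carrying login_hint, and models the Auth0 side applying the connection's upstream_params whitelist to decide what reaches the upstream IdP. The tenant domain, client id, redirect URI and connection name are placeholders.

```javascript
// Added example: model of Auth0 upstream_params aliasing (not Auth0's own code).
const TENANT_DOMAIN = 'example.auth0.com'; // placeholder tenant domain

// Body for PATCH /api/v2/connections/{id}. mapping is
// { outgoingUpstreamName: incomingAuthorizeParamName }.
function upstreamParamsPatch(mapping) {
  const upstream_params = {};
  for (const [outgoingName, incomingName] of Object.entries(mapping)) {
    upstream_params[outgoingName] = { alias: incomingName };
  }
  return { options: { upstream_params } };
}

// The app's side: a standard OIDC /authorize URL; the hint travels as login_hint.
function buildAuthorizeUrl({ clientId, redirectUri, connection, loginHint, state }) {
  const u = new URL(`https://${TENANT_DOMAIN}/authorize`);
  u.search = new URLSearchParams({
    response_type: 'code',
    scope: 'openid profile',
    client_id: clientId,
    redirect_uri: redirectUri,
    connection,
    state,
    login_hint: loginHint,
  }).toString();
  return u.toString();
}

// Model of the Auth0 side: walk the connection's upstream_params whitelist and
// copy each aliased incoming value under its outgoing name. Anything the app
// sent that is not whitelisted (client_id, state, unknown params) is dropped.
function forwardedUpstreamParams(connectionOptions, authorizeUrl) {
  const incoming = new URL(authorizeUrl).searchParams;
  const out = {};
  const rules = (connectionOptions && connectionOptions.upstream_params) || {};
  for (const [outgoingName, rule] of Object.entries(rules)) {
    if (rule.alias && incoming.has(rule.alias)) {
      out[outgoingName] = incoming.get(rule.alias);
    }
  }
  return out;
}

// Usage: whitelist initial_page fed by login_hint, then send login_hint=signup.
const patchBody = upstreamParamsPatch({ initial_page: 'login_hint' });
const authorizeUrl = buildAuthorizeUrl({
  clientId: 'CLIENT_ID',                      // placeholder
  redirectUri: 'https://app.example/callback', // placeholder
  connection: 'custom-oauth',                  // placeholder connection name
  loginHint: 'signup',
  state: 'opaque-state',
});
console.log(JSON.stringify(patchBody));
console.log(forwardedUpstreamParams(patchBody.options, authorizeUrl));
```

The app never learns the upstream parameter name; it keeps using the standard login_hint, and the translation lives entirely in the connection configuration, which is why the PATCH needs a Management API token rather than an app credential.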
- Create a volume that bind-mounts a host directory into the container (the volume name, dotnetdev here, must match the name used in docker run below)
docker volume create --driver local --opt device=/Users/zamd/tmp2/dotnetdev --opt type=none --opt o=bind dotnetdev
- Start the dotnet container with the host directory mounted at /app
docker run -itd -v dotnetdev:/app e1a56dca783e
Copy a VHD from a source container (addressed with a SAS URL) into the vhds container of the zulfiqar storage account, then check the copy status:
az storage blob copy start -u "https://appbuildstorage.blob.core.windows.net/releases/p-release-13130.vhd?sv=SAS-TOKEN" -c vhds -b p-release-13130.vhd --account-name zulfiqar --account-key ACNT-KEY
az storage blob show -c vhds -n p-release-13130.vhd --account-name zulfiqar --account-key ACNT-KEY
The copy runs server-side and is asynchronous; properties.copy.status in the show output reports pending or success. Passing --account-key on the command line leaves the key in shell history, so prefer the AZURE_STORAGE_KEY environment variable or a SAS token scoped to the destination container.
Lock needs tenant/domain-level connection information, and when a custom domain (CNAME) is enabled Lock seems to hit the info-v1 endpoint for it, which fails. The assetsUrl has to be overridden with the correct tenant URL manually:
// host part of the custom-domain authorization server URL
var customDomain = config.authorizationServer.url.replace('https://', '');
// CDN for the tenant's region (AU here)
config.cdn = "https://cdn.au.auth0.com";
// tenant name is the first label of the Auth0 domain, e.g. "zulfiqar" from zulfiqar.au.auth0.com
var tenant = config.auth0Domain.split('.')[0];
config.assetsUrl = config.cdn + "/tenants/v1/" + tenant + ".js";
This repo has runtime packages for various environments. It goes a bit deeper than the public-facing download page at dot.net, which bundles both SDK and runtimes.
Each runtime package is made up of 3 primary parts:
Most large enterprises run their own PKI, and it is common to issue internal-CA-signed certificates to services. The root CA certificate is pushed to domain-joined workstations via group policy.
For non-domain-joined hosts (Linux servers etc.) it is common to trust the root CA certificate manually.
The Docker daemon picks up the trusted root CA list from the host and uses it as its own trusted CA list, so once the host trusts the internal CA, pulls from a registry with an internally signed certificate work too. The following steps add a custom CA certificate as a trusted CA on Ubuntu:
- Go to /usr/share/ca-certificates/
- Add your custom CA cert to this folder as a PEM-encoded file with a .crt extension
A file under /usr/share/ca-certificates is only included in the system bundle after it is listed in /etc/ca-certificates.conf (or selected via dpkg-reconfigure ca-certificates) and update-ca-certificates has been run; restart the Docker daemon afterwards so it reloads the trust store. Check the PEM is actually a CA certificate (basicConstraints CA:TRUE) before trusting it: a leaf certificate dropped in here is silently ignored by most verifiers.
Introspecting a token while authenticating the client with a private_key_jwt client assertion (RFC 7523) instead of a client secret:
POST https://{tenant}/oauth/introspect
{
  "client_assertion": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL2FwaS5maW5pc2VuLmNvbSIsInN1YiI6Imh0dHBzOi8vYXBpLmZpbmlzZW4uY29tIiwiYXVkIjoiaHR0cHM6Ly96dWxmaXFhci5hdXRoMC5jb20vIiwiZXhwIjoxNzk4NzU0MTI3fQ.iYS-OdkUYP9vL1i9PFCL_llGla43TmhiAaGAg5cdeDJqfupFb5ZBeVs6vdGOEMGpCFgSJ3aGnZpfrlItvL3whcFaAKpAppFl17tUCAFHFxLZCyVO09pUcQ3y3lKBdmF3HoysmugfK-943R1o5S-91C_ASaU24NhnrOPA0UsUNekqotHCVTr9V6TFIh8qAJPwLbd7Q0GyEAxx6Jj_-_E0k6Un4b6AUEh54A8DDkeodCq1D7KplJMNYoHLW4UCPFKg-5DcB1TAwuHdaIprqKdlipg_RUd6UtK4l66GiKYkXo_onl1B04oCPOxsnwUmYBBNf4vHFEjKArPiOxANretv3A",
  "client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  "token": "bw6xGRqEjBQUr9FxJTfp"
}
The assertion above is an RS256 JWT whose iss and sub are the client (https://api.finisen.com), whose aud is the tenant (https://zulfiqar.auth0.com/) and which carries an exp; the tenant verifies it against the public key registered for the client.