All users of Microsoft Office 365 (for business) are authenticated through Microsoft Azure AD. So, when each new user (email) is added to Office 365, a corresponding entry is automatically created for them in Microsoft Azure AD.
Earlier, I talked about how you can use Microsoft Azure AD to authorize Ubuntu 14.04 users, that is, how to do SSO with Microsoft Azure AD / Office 365 on Ubuntu. Now I'll show how to do the same on CentOS 7.
1. Prerequisites
- Microsoft Azure AD / Office 365 (business) account
- CentOS server with internet connection
- SELinux on the CentOS server must not be in "Enforcing" mode
2. Configure Microsoft Azure AD
First you need to create a separate application in Microsoft Azure AD so that the system allows it to process authorization requests. How to do this is fully described in section 2 of habrahabr.ru/post/274249.
3. Setting up CentOS 7
Connect to the server via SSH (in this case as the user user123, who is allowed to run sudo commands), switch to root and install epel-release
sudo su -
yum install epel-release

Install git, npm, nodejs
yum install git npm nodejs

Clone the git repository github.com/bureado/aad-login
git clone https://github.com/bureado/aad-login

Enter the cloned directory, create the /opt/aad-login directory, copy aad-login.js and package.json to /opt/aad-login/, and copy aad-login to /usr/local/bin/
cd aad-login/
mkdir -p /opt/aad-login
cp aad-login.js package.json /opt/aad-login/
cp aad-login /usr/local/bin/

Enter the /opt/aad-login/ directory and install the required npm components
cd /opt/aad-login/
npm install

Edit the file ./aad-login.js

Fill in the directory variable with the domain name used in Microsoft Azure AD / Office 365, and the clientid variable with the "Client ID" obtained earlier on the Microsoft Azure AD portal

Edit the /etc/pam.d/sshd file (and/or /etc/pam.d/system-auth, if necessary)

Add a call to pam_exec so that it is the first auth entry in the list (expose_authtok hands the entered password to the script on stdin).
auth sufficient pam_exec.so expose_authtok /usr/local/bin/aad-login

Create the users who are allowed to log in (no password needs to be set). The login name of each user must match the alias part of their email address. For example, create a user support whose email is support@aspanta.onmicrosoft.com.
useradd support

Everything is ready!
Try logging in as the created user with the password set in Microsoft Azure AD / Office 365.
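Before testing the login, the following script, added here as an example and not part of the original post or the aad-login project, checks the three pieces this guide configured: that the pam_exec line is the first auth entry with expose_authtok and the helper path, that the helper in /usr/local/bin is executable and only root-writable (pam_exec runs it as root), and that the local account's password field is locked so only the Azure AD path authenticates it. File paths are parameters, and the demo at the bottom runs against constructed sample files rather than the live /etc/pam.d/sshd and /etc/shadow.

```shell
#!/bin/sh
# Added example; not code from the original post or the aad-login project.
# Checks the pieces this guide configures. File paths are parameters so the
# checks can run against constructed copies as well as the live files.

# 0 if the first "auth" line of a PAM file is exactly the call from the
# guide: sufficient, pam_exec.so, expose_authtok (password on stdin) and
# the helper path. Placed later, pam_exec would run only after an earlier
# module had already decided the login.
aad_pam_first_auth_ok() {
    awk -v script="$2" '
        $1 == "auth" && !seen {
            seen = 1
            ok = ($2 == "sufficient" && $3 == "pam_exec.so" &&
                  $4 == "expose_authtok" && $5 == script)
        }
        END { exit !(seen && ok) }' "$1"
}

# 0 if the helper exists, is executable and is not group/world writable:
# pam_exec runs it as root on every login attempt.
aad_helper_ok() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# 0 if the login exists in a shadow-format file with a locked password
# field ("!", "!!" or "*"), the state useradd leaves a new account in, so
# only the Azure AD path can authenticate it.
aad_user_locked() {
    awk -F: -v login="$2" '
        $1 == login { seen = 1; ok = ($2 ~ /^[!*]/) }
        END { exit !(seen && ok) }' "$1"
}

# Demo on constructed sample files (not the real /etc/pam.d/sshd or
# /etc/shadow); run directly with: sh aad-check.sh
demo=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' \
  'auth sufficient pam_exec.so expose_authtok /usr/local/bin/aad-login' \
  'auth required pam_sepermit.so' > "$demo/sshd"
printf '%s\n' 'support:!!:17000:0:99999:7:::' > "$demo/shadow"
aad_pam_first_auth_ok "$demo/sshd" /usr/local/bin/aad-login && echo "pam: ok"
aad_user_locked "$demo/shadow" support && echo "support: locked"
rm -r "$demo"
```

To check the live system, source the script as root and call the functions with the real paths, e.g. aad_pam_first_auth_ok /etc/pam.d/sshd /usr/local/bin/aad-login and aad_user_locked /etc/shadow support.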
