Diffstat (limited to 'docs')
-rw-r--r--docs/admin_handbook.md18
-rw-r--r--docs/azure.json161
2 files changed, 176 insertions, 3 deletions
diff --git a/docs/admin_handbook.md b/docs/admin_handbook.md
index 92f8d20..702a049 100644
--- a/docs/admin_handbook.md
+++ b/docs/admin_handbook.md
@@ -47,6 +47,18 @@ Using the same database for different versions of CCASS is currently unsupported
## Microsoft Entra ID setup
-```json
-
-```
+A Web redirect URL is needed and must be set to `/auth` from the base of the accessible URL. “ID tokens” must be selected. The following optional claims must be configured:
+* `email`
+* `family_name`
+* `given_name`
+* `preferred_username`
+* `groups` (ID tokens must be configured to receive Group IDs)
+
+The application needs the following delegated permissions:
+* `email`
+* `offline_access`
+* `openid`
+* `profile`
+* `User.Read`
+
+[An example manifest](./azure.json) is available.
diff --git a/docs/azure.json b/docs/azure.json
new file mode 100644
index 0000000..93f349a
--- /dev/null
+++ b/docs/azure.json
@@ -0,0 +1,161 @@
+{
+ "id": "bf3b7abf-cc3a-4abd-8a34-b129cd649e6a",
+ "deletedDateTime": null,
+ "appId": "e8101cb5-84a3-49d7-860b-e5a75e63219a",
+ "applicationTemplateId": null,
+ "disabledByMicrosoftStatus": null,
+ "createdDateTime": "2024-09-07T06:06:54Z",
+ "displayName": "CCA Selection System",
+ "description": null,
+ "groupMembershipClaims": "All",
+ "identifierUris": [],
+ "isDeviceOnlyAuthSupported": null,
+ "isFallbackPublicClient": null,
+ "isManagementRestricted": null,
+ "nativeAuthenticationApisEnabled": null,
+ "notes": "",
+ "publisherDomain": "ykpaoschool.cn",
+ "serviceManagementReference": null,
+ "signInAudience": "AzureADMyOrg",
+ "tags": [],
+ "tokenEncryptionKeyId": null,
+ "samlMetadataUrl": null,
+ "defaultRedirectUri": null,
+ "certification": null,
+ "requestSignatureVerification": null,
+ "addIns": [],
+ "api": {
+ "acceptMappedClaims": null,
+ "knownClientApplications": [],
+ "requestedAccessTokenVersion": null,
+ "oauth2PermissionScopes": [],
+ "preAuthorizedApplications": []
+ },
+ "appRoles": [],
+ "info": {
+ "logoUrl": null,
+ "marketingUrl": null,
+ "privacyStatementUrl": null,
+ "supportUrl": null,
+ "termsOfServiceUrl": null
+ },
+ "keyCredentials": [],
+ "optionalClaims": {
+ "accessToken": [
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "groups",
+ "source": null
+ }
+ ],
+ "idToken": [
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "email",
+ "source": null
+ },
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "family_name",
+ "source": null
+ },
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "given_name",
+ "source": null
+ },
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "preferred_username",
+ "source": null
+ },
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "groups",
+ "source": null
+ }
+ ],
+ "saml2Token": [
+ {
+ "additionalProperties": [],
+ "essential": false,
+ "name": "groups",
+ "source": null
+ }
+ ]
+ },
+ "parentalControlSettings": {
+ "countriesBlockedForMinors": [],
+ "legalAgeGroupRule": "Allow"
+ },
+ "passwordCredentials": [],
+ "publicClient": {
+ "redirectUris": []
+ },
+ "requiredResourceAccess": [
+ {
+ "resourceAppId": "00000003-0000-0000-c000-000000000000",
+ "resourceAccess": [
+ {
+ "id": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0",
+ "type": "Scope"
+ },
+ {
+ "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
+ "type": "Scope"
+ },
+ {
+ "id": "37f7f235-527c-4136-accd-4a02d197296e",
+ "type": "Scope"
+ },
+ {
+ "id": "14dad69e-099b-42c9-810b-d002981feec1",
+ "type": "Scope"
+ },
+ {
+ "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
+ "type": "Scope"
+ }
+ ]
+ }
+ ],
+ "verifiedPublisher": {
+ "displayName": null,
+ "verifiedPublisherId": null,
+ "addedDateTime": null
+ },
+ "web": {
+ "homePageUrl": null,
+ "logoutUrl": null,
+ "redirectUris": [
+ "https://cca.runxiyu.org/auth"
+ ],
+ "implicitGrantSettings": {
+ "enableAccessTokenIssuance": true,
+ "enableIdTokenIssuance": true
+ },
+ "redirectUriSettings": [
+ {
+ "uri": "https://cca.runxiyu.org/auth",
+ "index": null
+ }
+ ]
+ },
+ "servicePrincipalLockConfiguration": {
+ "isEnabled": true,
+ "allProperties": true,
+ "credentialsWithUsageVerify": true,
+ "credentialsWithUsageSign": true,
+ "identifierUris": false,
+ "tokenEncryptionKeyId": true
+ },
+ "spa": {
+ "redirectUris": []
+ }
+}
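Review bot: `"enableAccessTokenIssuance": true` under `web.implicitGrantSettings` turns on implicit-grant access tokens, while the handbook text added in this same commit asks only for "ID tokens" to be selected. An admin who copies this manifest gets a broader registration than the handbook describes, with access tokens returned from the authorization endpoint straight to the redirect URI; unless the application actually consumes them (not visible in this diff), the example should carry `"enableAccessTokenIssuance": false`. `"groupMembershipClaims": "All"` also emits directory roles and distribution lists in addition to security groups, so `"SecurityGroup"` may be the narrower fit if the application only checks group IDs. The `id`, `appId`, `publisherDomain` and both `https://cca.runxiyu.org/auth` entries are specific to one deployment, and the handbook sentence linking to this file would do well to name them as values to replace.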