From eb594d3e87cd3e1f5c0b9f6a273b02b142b53b8f Mon Sep 17 00:00:00 2001 From: Runxi Yu Date: Tue, 15 Oct 2024 16:10:05 +0800 Subject: Add example Azure manifest --- Makefile | 7 ++- docs/admin_handbook.md | 18 +++++- docs/azure.json | 161 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 181 insertions(+), 5 deletions(-) create mode 100644 docs/azure.json diff --git a/Makefile b/Makefile index f883bca..f47698c 100644 --- a/Makefile +++ b/Makefile @@ -6,12 +6,12 @@ default: dist/cca docs iadocs cca: dist/cca -docs: dist/docs/admin_handbook.html dist/docs/cca.scfg.example +docs: dist/docs/admin_handbook.html dist/docs/cca.scfg.example dist/docs/azure.json iadocs: dist/iadocs/index.html dist/iadocs/cover_page.htm dist/iadocs/appendix.pdf dist/iadocs/crita_planning.pdf dist/iadocs/critb_design.pdf dist/iadocs/critb_recordoftasks.htm dist/iadocs/critc_development.pdf dist/iadocs/critd_functionality.pdf dist/iadocs/crite_evaluation.pdf # Final binary which tries to embed stuff -dist/cca: go.* *.go build/static/style.css build/static/student.js templates/* build/docs/admin_handbook.html build/docs/cca.scfg.example build/iadocs/index.html build/iadocs/cover_page.htm build/iadocs/appendix.pdf build/iadocs/crita_planning.pdf build/iadocs/critb_design.pdf build/iadocs/critb_recordoftasks.htm build/iadocs/critc_development.pdf build/iadocs/critd_functionality.pdf build/iadocs/crite_evaluation.pdf .editorconfig .gitignore .gitattributes scripts/* sql/* docs/* iadocs/* README.md LICENSE Makefile +dist/cca: go.* *.go build/static/style.css build/static/student.js templates/* build/docs/admin_handbook.html build/docs/cca.scfg.example build/docs/azure.json build/iadocs/index.html build/iadocs/cover_page.htm build/iadocs/appendix.pdf build/iadocs/crita_planning.pdf build/iadocs/critb_design.pdf build/iadocs/critb_recordoftasks.htm build/iadocs/critc_development.pdf build/iadocs/critd_functionality.pdf build/iadocs/crite_evaluation.pdf .editorconfig .gitignore .gitattributes scripts/* sql/* docs/* iadocs/* README.md LICENSE Makefile mkdir -p dist go build -o $@ @@ -25,6 +25,9 @@ build/docs/%.html: docs/%.md docs/handbook.css build/docs/cca.scfg.example: docs/cca.scfg.example mkdir -p build/docs cp $< $@ +build/docs/azure.json: docs/azure.json + mkdir -p build/docs + cp $< $@ # IA documentation dist/iadocs/%.pdf: build/iadocs/%.pdf diff --git a/docs/admin_handbook.md b/docs/admin_handbook.md index 92f8d20..702a049 100644 --- a/docs/admin_handbook.md +++ b/docs/admin_handbook.md @@ -47,6 +47,18 @@ Using the same database for different versions of CCASS is currently unsupported ## Microsoft Entra ID setup -```json - -``` +A Web redirect URL is needed and must be set to `/auth` from the base of the accessible URL. “ID tokens” must be selected. The following optional claims must be configured: +* `email` +* `family_name` +* `given_name` +* `preferred_username` +* `groups` (ID tokens must be configured to receive Group IDs) + +The application needs the following delegated permissions: +* `email` +* `offline_access` +* `openid` +* `profile` +* `User.Read` + +[An example manifest](./azure.json) is available. diff --git a/docs/azure.json b/docs/azure.json new file mode 100644 index 0000000..93f349a --- /dev/null +++ b/docs/azure.json @@ -0,0 +1,161 @@ +{ + "id": "bf3b7abf-cc3a-4abd-8a34-b129cd649e6a", + "deletedDateTime": null, + "appId": "e8101cb5-84a3-49d7-860b-e5a75e63219a", + "applicationTemplateId": null, + "disabledByMicrosoftStatus": null, + "createdDateTime": "2024-09-07T06:06:54Z", + "displayName": "CCA Selection System", + "description": null, + "groupMembershipClaims": "All", + "identifierUris": [], + "isDeviceOnlyAuthSupported": null, + "isFallbackPublicClient": null, + "isManagementRestricted": null, + "nativeAuthenticationApisEnabled": null, + "notes": "", + "publisherDomain": "ykpaoschool.cn", + "serviceManagementReference": null, + "signInAudience": "AzureADMyOrg", + "tags": [], + "tokenEncryptionKeyId": null, + "samlMetadataUrl": null, + "defaultRedirectUri": null, + "certification": null, + "requestSignatureVerification": null, + "addIns": [], + "api": { + "acceptMappedClaims": null, + "knownClientApplications": [], + "requestedAccessTokenVersion": null, + "oauth2PermissionScopes": [], + "preAuthorizedApplications": [] + }, + "appRoles": [], + "info": { + "logoUrl": null, + "marketingUrl": null, + "privacyStatementUrl": null, + "supportUrl": null, + "termsOfServiceUrl": null + }, + "keyCredentials": [], + "optionalClaims": { + "accessToken": [ + { + "additionalProperties": [], + "essential": false, + "name": "groups", + "source": null + } + ], + "idToken": [ + { + "additionalProperties": [], + "essential": false, + "name": "email", + "source": null + }, + { + "additionalProperties": [], + "essential": false, + "name": "family_name", + "source": null + }, + { + "additionalProperties": [], + "essential": false, + "name": "given_name", + "source": null + }, + { + "additionalProperties": [], + "essential": false, + "name": "preferred_username", + "source": null + }, + { + "additionalProperties": [], + "essential": false, + "name": "groups", + "source": null + } + ], + "saml2Token": [ + { + "additionalProperties": [], + "essential": false, + "name": "groups", + "source": null + } + ] + }, + "parentalControlSettings": { + "countriesBlockedForMinors": [], + "legalAgeGroupRule": "Allow" + }, + "passwordCredentials": [], + "publicClient": { + "redirectUris": [] + }, + "requiredResourceAccess": [ + { + "resourceAppId": "00000003-0000-0000-c000-000000000000", + "resourceAccess": [ + { + "id": "64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0", + "type": "Scope" + }, + { + "id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182", + "type": "Scope" + }, + { + "id": "37f7f235-527c-4136-accd-4a02d197296e", + "type": "Scope" + }, + { + "id": "14dad69e-099b-42c9-810b-d002981feec1", + "type": "Scope" + }, + { + "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", + "type": "Scope" + } + ] + } + ], + "verifiedPublisher": { + "displayName": null, + "verifiedPublisherId": null, + "addedDateTime": null + }, + "web": { + "homePageUrl": null, + "logoutUrl": null, + "redirectUris": [ + "https://cca.runxiyu.org/auth" + ], + "implicitGrantSettings": { + "enableAccessTokenIssuance": true, + "enableIdTokenIssuance": true + }, + "redirectUriSettings": [ + { + "uri": "https://cca.runxiyu.org/auth", + "index": null + } + ] + }, + "servicePrincipalLockConfiguration": { + "isEnabled": true, + "allProperties": true, + "credentialsWithUsageVerify": true, + "credentialsWithUsageSign": true, + "identifierUris": false, + "tokenEncryptionKeyId": true + }, + "spa": { + "redirectUris": [] + } +} -- cgit v1.2.3