Best tools to use for Azure Single Sign-On (SSO) for MODX?

A client of mine is asking me to make a quote to implement Azure Single Sign-On (SSO) for his MODX site.

I assume this is doable, but I have no idea how much time this would normally take or cost.
Have any of you done SSO for MODX via Azure? What tools are used?

Just answered this on Slack, but will paste it here for future reference:

I’ve done auth via Azure for a client. Not sure if that’s what you’re looking for but here’s what I did.

  1. in a plugin, for specific user groups redirect them to
    $login_url = "https://login.microsoftonline.com/" . $tenantId . "/oauth2/v2.0/authorize";
    with appropriate params (client id, redirect uri, scope etc.)

  2. so when the client logs in, they get redirected to the MS landing page, they login and get sent to the redirect uri I provided.

  3. on the landing page, I verified the token using
    https://graph.microsoft.com/v1.0/me/
    endpoint (curl to the url, with Authorization header), and if there was no error, checked whether the e-mails matched (the curl returned the email), and manually used the
    \MODX\Revolution\Processors\Security\Login
    processor to log them in.

Been running in prod for ~6 months now, without any issues.

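The three steps above, written out as an added example for a MODX 3 site (this is not the answer author's code). It assumes PHP 8 with the curl extension, `$modx` being the `\MODX\Revolution\modX` instance inside a plugin or snippet, an Azure app registration with a client secret, and that the MODX user's profile e-mail equals the Azure account's `mail` (or `userPrincipalName`). Two things the answer does not spell out are filled in here as assumptions: the grant is the authorization-code flow with PKCE (so the browser only ever sees a one-time code, and a `state` value bound to the PHP session stops a forged callback), and the final login uses `modUser::addSessionContext()` rather than the `Security\Login` processor, because that processor validates a password. All function and setting names are hypothetical.

```php
<?php
// Added example, not code from the original answer. Assumes MODX 3, PHP 8 + curl.
// Flow: build authorize URL (plugin) -> user signs in at Microsoft -> callback
// snippet exchanges code for token, asks Graph /me who it is, logs the matching
// MODX user in. Setting/function names are hypothetical.

use MODX\Revolution\modX;
use MODX\Revolution\modUserProfile;

const AZURE_AUTHORITY = 'https://login.microsoftonline.com/';
const GRAPH_ME = 'https://graph.microsoft.com/v1.0/me';

// Step 1: the URL the plugin redirects to. state + PKCE verifier are stored in
// the PHP session so the callback can prove it belongs to this browser.
function azureSsoAuthorizeUrl(string $tenantId, string $clientId, string $redirectUri): string
{
    $state = bin2hex(random_bytes(16));
    $verifier = rtrim(strtr(base64_encode(random_bytes(32)), '+/', '-_'), '=');
    $challenge = rtrim(strtr(base64_encode(hash('sha256', $verifier, true)), '+/', '-_'), '=');
    $_SESSION['azure_sso'] = ['state' => $state, 'verifier' => $verifier];

    return AZURE_AUTHORITY . rawurlencode($tenantId) . '/oauth2/v2.0/authorize?' . http_build_query([
        'client_id' => $clientId,
        'response_type' => 'code',
        'redirect_uri' => $redirectUri,
        'response_mode' => 'query',
        'scope' => 'openid profile email User.Read',
        'state' => $state,
        'code_challenge' => $challenge,
        'code_challenge_method' => 'S256',
    ]);
}

// Small curl wrapper: GET, or POST form fields when $post is given. Anything but
// HTTP 200 (e.g. an expired/invalid token at Graph) is treated as an error.
function azureSsoHttp(string $url, array $headers, ?array $post = null): array
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER => $headers,
        CURLOPT_TIMEOUT => 10,
    ]);
    if ($post !== null) {
        curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($post));
    }
    $body = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("HTTP $status from $url");
    }
    return json_decode($body, true, 512, JSON_THROW_ON_ERROR);
}

// Steps 2+3: called by a snippet on the redirect-URI resource. Returns the
// username that was logged in, or null when the callback must be rejected.
function azureSsoHandleCallback(modX $modx, string $tenantId, string $clientId,
                                string $clientSecret, string $redirectUri): ?string
{
    $saved = $_SESSION['azure_sso'] ?? null;
    unset($_SESSION['azure_sso']);   // one-shot: a replayed callback finds nothing
    if (!$saved || empty($_GET['code']) || !hash_equals($saved['state'], $_GET['state'] ?? '')) {
        return null;
    }
    // Exchange the code server-to-server; the client secret never reaches the browser.
    $token = azureSsoHttp(AZURE_AUTHORITY . rawurlencode($tenantId) . '/oauth2/v2.0/token',
        ['Content-Type: application/x-www-form-urlencoded'], [
            'client_id' => $clientId,
            'client_secret' => $clientSecret,
            'grant_type' => 'authorization_code',
            'code' => $_GET['code'],
            'redirect_uri' => $redirectUri,
            'code_verifier' => $saved['verifier'],
        ]);
    // Verify the token the way the answer does: ask Graph who it belongs to.
    $me = azureSsoHttp(GRAPH_ME, ['Authorization: Bearer ' . $token['access_token']]);
    $email = $me['mail'] ?? $me['userPrincipalName'] ?? '';
    if ($email === '') {
        return null;
    }
    // Match against the MODX profile e-mail (exact match) and require an active user.
    // Unknown addresses are rejected rather than auto-provisioned.
    $profile = $modx->getObject(modUserProfile::class, ['email' => $email]);
    $user = $profile ? $profile->getOne('User') : null;
    if (!$user || !$user->get('active')) {
        return null;
    }
    $user->addSessionContext($modx->context->get('key'));
    return $user->get('username');
}
```

Wiring it up: the plugin (for example on `OnHandleRequest`, limited to the resource ids you want protected) checks `$modx->user->hasSessionContext($modx->context->get('key'))` and, if false, calls `$modx->sendRedirect(azureSsoAuthorizeUrl(...))`. The snippet on the redirect-URI resource calls `azureSsoHandleCallback(...)` and redirects to the protected page on success, or shows an error on `null`. Keep the client secret in a system setting or environment variable, register the exact redirect URI in the Azure app, and note that the e-mail comparison only decides which local account to use: whether that account should exist at all stays a MODX-side decision.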

It would be good to see some code on this, for example the initial plugin and the curl commands etc. There seems to be very little documentation on SSO-type auths created manually without using a third-party addon.