Login users from multiple Azure AD's in Spring Security
I've got a Java Spring Security project that's linked to an Azure AD via a registered Application. This way I can redirect users to Microsoft to login with their Azure account before being able to view certain pages or use certain endpoints. This is all working great.
The problem is, I have another AD (and possibly more in the future) that I also want to be able to have users log into. However as far as I can see Spring Security only allows for 1 AD to be configured, so when a user wants to log in they always have to be a part of the currently linked AD.
I've tried looking into different solutions for this, for example syncing all the users from the external AD into the active AD. For this I was able to retrieve a list of users, but when I wanted to add them to the AD, the only API endpoints I could find were to create new accounts instead of link them from an external AD. Another idea was to configure Spring Security to simply authenticate against more than 1 AD. But as far as I've seen, that's not possible.
In the end I just want to have a situation where users from both AD's can log into my application, using their existing credentials without me having to manually invite each and every one. What is the best practice when dealing with a situation like this? I'd very much appreciate some help pointing me in the right direction. Thanks in advance!
java spring azure security login
asked Mar 21 at 14:45
bijlar
You could look at making the application multi-tenant.. read about it here.. docs.microsoft.com/en-us/azure/active-directory/develop/…
– Rohit Saigal
Mar 21 at 14:50
1
Remember multi-tenant apps mean any tenant can log in. You have to check on your back-end what tenant was used to log in, and block them if they used one you don't want. Unless you of course want any tenant to be able to sign in :)
– juunas
Mar 21 at 14:52
1
Yes that's a good point from @juunas as usual.. Making the app multi-tenant may get you out of having to manually invite each and every one but you will need to put some effort to implement it correctly, like using /common endpoint, validating the tenant, understanding the consent framework and permissions you need and so on.. so read through and see if it makes sense.. good luck!
– Rohit Saigal
Mar 21 at 15:29
That sounds very promising! I'm going to look into the page you linked and multi-tenant applications in general. Having to do some more effort on the back-end shouldn't be an issue, as long as it accomplishes my goal. Thanks!
– bijlar
Mar 22 at 8:50
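The back-end tenant check described in the comments above, as an added example that is not part of the original thread: a Spring Security `OAuth2TokenValidator<Jwt>` that accepts a token only if its `tid` claim is on an allow-list and its `iss` claim belongs to that same tenant. The class name `AllowedTenantValidator` is hypothetical, and the example assumes tokens issued by the Azure AD v2.0 endpoint.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jwt.Jwt;

/** Added example (hypothetical class): allow sign-in only from listed Azure AD tenants. */
public final class AllowedTenantValidator implements OAuth2TokenValidator<Jwt> {

    // Assumption: v2.0 tokens. v1.0 tokens use https://sts.windows.net/{tid}/ instead.
    private static final String ISSUER_TEMPLATE = "https://login.microsoftonline.com/%s/v2.0";

    private final Set<String> allowedTenantIds;

    /** @param tenantIds tenant GUIDs of the directories whose users may sign in */
    public AllowedTenantValidator(Set<String> tenantIds) {
        if (tenantIds == null || tenantIds.isEmpty()) {
            // An empty allow-list would silently lock everyone out; fail at startup instead.
            throw new IllegalArgumentException("at least one tenant id is required");
        }
        Set<String> normalized = new HashSet<>();
        for (String id : tenantIds) {
            normalized.add(id.trim().toLowerCase(Locale.ROOT));
        }
        this.allowedTenantIds = Collections.unmodifiableSet(normalized);
    }

    @Override
    public OAuth2TokenValidatorResult validate(Jwt token) {
        // "tid" is the GUID of the directory that authenticated the user.
        String tid = token.getClaimAsString("tid");
        if (tid == null || !allowedTenantIds.contains(tid.toLowerCase(Locale.ROOT))) {
            return reject("Tenant is not allowed to sign in");
        }
        // With the /common endpoint the published issuer is a template, so the
        // issuer must be compared per token against the tenant named in "tid".
        String expectedIssuer = String.format(ISSUER_TEMPLATE, tid);
        String issuer = token.getClaimAsString("iss");
        if (issuer == null || !expectedIssuer.equalsIgnoreCase(issuer)) {
            return reject("Issuer does not match the token's tenant");
        }
        return OAuth2TokenValidatorResult.success();
    }

    private static OAuth2TokenValidatorResult reject(String description) {
        return OAuth2TokenValidatorResult.failure(
                new OAuth2Error("invalid_token", description, null));
    }
}
```

The check is only meaningful on a token whose signature has already been verified, which is the case when the validator is registered on the decoder, for example through `NimbusJwtDecoder.setJwtValidator(...)` for a resource server or `OidcIdTokenDecoderFactory.setJwtValidatorFactory(...)` for OIDC login.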