Azure AD as Client Provider in MuleSoft

Dynamic client registration (DCR) lets you configure Azure Active Directory (Azure AD) client management with Anypoint Platform. Using Azure AD as a client provider enables you to authenticate and authorize API consumers with your existing Azure AD configuration. The Azure AD configuration in Anypoint Platform also provides a stateless microservice that converts OAuth 2.0 client application registration requests into requests supported by Azure AD. Let's see how to add Azure AD as a client provider in MuleSoft.

To configure this in Anypoint Platform, follow the steps below.

Log in to the Azure portal and click Azure Active Directory.

Click App registrations.

Click New registration.

Add the details and click Register.

Copy the Client ID and Tenant ID.

Click Endpoints and copy the WS-Federation sign-on endpoint; this will be used as the Issuer in the client management configuration.

Click Certificates & secrets -> New client secret.

Copy the secret value (it is shown only once, so copy it and save it in a secure location).

Now click API permissions and click Add a permission.

Add all the permissions shown in the screenshot.

Once added, click Grant admin access for Default Directory.

With this the Azure configuration is done, and we can now do the required configuration on Anypoint Platform.

Click Access Management -> Client Providers -> Add Client Provider -> OpenID Connect DCR for Azure.

Add the details:

  • Issuer: the WS-Federation sign-on endpoint copied earlier
  • Tenant Id, Client Id and Client Secret: from the Azure portal

Click Create or Save.

This will create the configuration.

Click Environment, select the environment where we want to use it for client management, and click Update.

The environment configuration is now updated.

Now we have to add the OAuth 2.0 policy to our API in Anypoint API Manager.

To connect API Manager with the runtime application, see the post on how we can connect the MuleSoft application to API Manager.

Now we will create the client app to call the employee API.

Go to Exchange, select the relevant API and click Request Access.

Select Create new application.

Add the details.

Then click Create.

Click Request Access.

It will show the Client ID and Client Secret.

Sometimes this returns an HTTP 500 error; just retry.

The same client app will be created on the Azure side as well.

This shows that the client app is now dynamically created on the Azure side.

Now if we call the employee API from Postman, we see the error “Access token was not provided”.

Now we will call Azure AD to get the token.

To make the call we have to use the details below:

  • authorize url: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
  • token url: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
  • client id: {your client id}
  • client secret: {your client secret}
  • scope: https://graph.microsoft.com/.default
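The token call described above, as an added Python example rather than the post's Postman collection: it performs the OAuth 2.0 client credentials grant against the v2.0 token endpoint with the scope listed, caches the token until shortly before it expires, and attaches it as a Bearer credential on the employee API call. The tenant id, client id/secret and API URL are placeholders, and the client credentials grant is an assumption (the post shows the call only in Postman).

```python
import json
import time
import urllib.parse
import urllib.request

# Constructed placeholders: use the tenant id from Azure, the client id/secret issued in
# Exchange, and the URL of the deployed employee API.
TENANT_ID = "<tenant-id>"
TOKEN_URL = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token"
SCOPE = "https://graph.microsoft.com/.default"
EMPLOYEE_API = "https://<api-host>/api/employees"


def build_token_request(client_id, client_secret, token_url=TOKEN_URL, scope=SCOPE):
    """Return (url, body) for an OAuth 2.0 client_credentials grant on the v2.0 token endpoint."""
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": scope}
    return token_url, urllib.parse.urlencode(form).encode()


def http_post_json(url, body):
    """Default transport: POST the form body and decode the JSON token response."""
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


class TokenCache:
    """Request a token once and reuse it until 60 s before expiry, then refresh."""

    def __init__(self, client_id, client_secret, post=http_post_json):
        self._creds = (client_id, client_secret)
        self._post = post  # injectable transport, so the flow can be exercised offline
        self._token, self._expires_at = None, 0.0

    def get(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._expires_at - 60:
            url, body = build_token_request(*self._creds)
            resp = self._post(url, body)
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError(f"unexpected token_type: {resp.get('token_type')!r}")
            self._token = resp["access_token"]
            self._expires_at = now + int(resp["expires_in"])
        return self._token


def employee_api_request(token, url=EMPLOYEE_API):
    """Build the API call; without this Bearer header the OAuth policy answers 'Access token was not provided'."""
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
```

Calling `urllib.request.urlopen(employee_api_request(TokenCache(cid, secret).get()))` reproduces the Postman request shown in the post.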


We will use the token to call the actual employee API.

So we can see the client apps are dynamically managed on the Azure side.

Sample POSTMAN collection – Azure AD DCR.postman_collection

Thank you for taking the time to read the above post. I hope you found it useful. In case of any questions, feel free to comment below. Also, if you are keen on knowing about a specific topic, I am happy to explore your recommendations as well.