2

I want to integrate Azure Active Directory with Shield (an ElasticSearch plugin) and am trying to figure out what values I need to specify in this section of the Shield configuration:

shield:
  authc:
    realms:
      active_directory:
        type: active_directory
        order: 0 
        domain_name: ad.example.com
        url: ldaps://ad.example.com:636 
        unmapped_groups_as_roles: true 
      ...
https://www.elastic.co/guide/en/shield/current/active-directory.html

For my .NET application, I specify:

<add key="ida:AADInstance" value="https://login.microsoftonline.com/{0}" /> 
<add key="ida:Tenant" value="[Enter the name of your tenant, e.g. contoso.onmicrosoft.com]" /> 
<add key="ida:ClientId" value="[Enter the Client Id of your application from the portal, e.g. 7de803e2-9k32-4e7a-8335-b77ae40297f0]" /> 
<add key="ida:RedirectUri" value="[Enter the Redirect URI of your application from the portal, e.g. http://TodoListClient]" /> 

and am trying to figure out how this maps to the Shield configuration.

1 Answer

1

From the documentation you referred to at https://www.elastic.co/guide/en/shield/current/active-directory.html, ElasticSearch uses LDAP for integrating with Active Directory. That protocol works with on-premises AD, but not with classic Azure Active Directory (which is what the settings from your .NET app refer to). If you want, you can give the (currently in preview) domain services offering a try, which does provide LDAP, but I am not sure if that's what you want here.

vibronet
  • 7,364
  • 2
  • 19
  • 21