Author: Arif Ali Mansuri
Using Azure AD as a client provider is one of the features of the Anypoint Platform, and this blog walks through setting it up.
Using Azure AD as a client provider lets you reuse your existing identity setup to authenticate and authorize API consumers. The Azure AD configuration in the Anypoint Platform also provides a stateless microservice that translates OAuth 2.0 client application registration requests (dynamic client registration) into requests supported by Azure AD.
Let's see how to add Azure AD as a client provider in MuleSoft.
Prerequisites:
- An Azure account
- Anypoint Platform credentials with Access Management permissions
Follow these steps:
- Open the Azure portal and click Azure Active Directory.
- Click App registrations.
- Click New registration.
- Provide the details and register the application.
- Copy the Application (client) ID and Directory (tenant) ID from the app page.
- Click Endpoints to get the issuer, i.e. the WS-Federation sign-on endpoint, which is needed later in the client provider configuration.
- Click Certificates & secrets, then create a new client secret.
- Copy the secret value (it is displayed only once, so copy it and keep it in a safe place).
- Click API permissions, then click Add a permission.
- Add the following permissions.
- Once added, click Grant admin consent for the default directory.
- This completes the Azure configuration part.
Let’s move on to our Anypoint platform access management to add a client provider.
- Log in to the Anypoint Platform.
- Go to Access Management and open Client Providers.
- Click the drop-down menu and select OpenID Connect DCR Azure.
- Provide the basic client details:
  - Name – any name you choose
  - Description – any description
- Dynamic Client Registration:
  - Issuer – WS-Federation sign-on endpoint (refer to Fig. 1.6)
  - Tenant ID for Azure AD – Directory (tenant) ID (refer to Fig. 1.5)
  - Client ID – Application (client) ID (refer to Fig. 1.5)
  - Client Secret – the secret value created earlier (refer to Fig. 1.8)
- Tick all the checkboxes below.
- Click Create.
- This completes the creation of the dynamic client provider.
- Then navigate to the organization's environment and assign the client provider to it.
Go to API Manager and apply the OpenID Connect access token enforcement policy to one of your live API instances.
Time to check our implementation.
Let's create a new client in Anypoint Exchange and authenticate the client against Azure AD.
The new client is successfully created in Azure Active Directory.
- Status Code: 200 OK – success case (a valid access token was presented)
- Status Code: 400 Bad Request – failure case (the token was missing or rejected by the policy)
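The following script is an added example, not part of the original post or of MuleSoft's own tooling. It exercises the setup described above end to end: it requests an access token from Azure AD with the client-credentials grant using the Application (client) ID, Directory (tenant) ID and client secret from the app registration, inspects the token's issuer, audience and expiry locally (the same claims the OpenID Connect access token enforcement policy checks), and then calls the policy-protected API to see whether it answers 200 or 400. The `TENANT_ID`, `CLIENT_ID`, `CLIENT_SECRET`, `SCOPE`, `EXPECTED_ISSUER`, `EXPECTED_AUDIENCE` and `API_URL` values are placeholders you must replace; the `build_demo_token` helper produces a constructed, unsigned token purely so the claim checks can be tried offline. The signature is not verified here, since that is the policy's job; this is only for troubleshooting why a call came back as 400.

```python
"""Added example: check an Azure AD client provider + OIDC enforcement setup."""
import base64
import json
import time
import urllib.error
import urllib.parse
import urllib.request

# Azure AD v2.0 token endpoint; {tenant} is the Directory (tenant) ID.
TOKEN_ENDPOINT_TEMPLATE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant_id, client_id, client_secret, scope):
    """Return (url, form body) for an OAuth 2.0 client-credentials token request."""
    url = TOKEN_ENDPOINT_TEMPLATE.format(tenant=tenant_id)
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    })
    return url, body


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_jwt_claims(token):
    """Return the JWT payload as a dict. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(claims, expected_issuer, expected_audience, now=None):
    """List the claim problems that would also make the policy reject the token."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != expected_issuer:
        problems.append(f"issuer mismatch: {claims.get('iss')!r}")
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_audience not in auds:
        problems.append(f"audience mismatch: {aud!r}")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    return problems


def classify_status(status):
    """Map the API's HTTP status to the two outcomes listed in the post."""
    if status == 200:
        return "success: token accepted by the OpenID Connect enforcement policy"
    if status == 400:
        return "failure: token missing or rejected (check issuer, client, expiry)"
    return f"unexpected status {status}"


def build_demo_token(claims):
    """Constructed, unsigned token for offline checks of the helpers above.
    A real Azure AD token is RS256-signed; this placeholder signature would
    (correctly) be rejected by the enforcement policy."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.placeholder-signature"


def fetch_token(tenant_id, client_id, client_secret, scope):
    url, body = build_token_request(tenant_id, client_id, client_secret, scope)
    req = urllib.request.Request(url, data=body.encode(), method="POST")
    req.add_header("Content-Type", "application/x-www-form-urlencoded")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def call_api(api_url, token):
    """Call the policy-protected API with a Bearer token and return the HTTP status."""
    req = urllib.request.Request(api_url)
    req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


if __name__ == "__main__":
    # Placeholders: replace with the values from your Azure app registration
    # and the Anypoint client provider form.
    TENANT_ID, CLIENT_ID, CLIENT_SECRET = "<tenant-id>", "<client-id>", "<client-secret>"
    SCOPE = "<app-id-uri>/.default"
    EXPECTED_ISSUER, EXPECTED_AUDIENCE = "<issuer-from-client-provider>", "<audience>"
    API_URL = "https://<your-api-instance>/resource"

    if TENANT_ID.startswith("<"):  # placeholders untouched: run the offline demo
        demo = build_demo_token({"iss": "https://demo-issuer/", "aud": "demo-aud",
                                 "exp": int(time.time()) + 600})
        print(check_claims(decode_jwt_claims(demo), "https://demo-issuer/", "demo-aud"))
    else:
        token = fetch_token(TENANT_ID, CLIENT_ID, CLIENT_SECRET, SCOPE)
        for problem in check_claims(decode_jwt_claims(token), EXPECTED_ISSUER, EXPECTED_AUDIENCE):
            print("claim problem:", problem)
        print(classify_status(call_api(API_URL, token)))
```

Run it once with the placeholders untouched to see the claim checks pass on the constructed token, then fill in your own values; if the API answers 400 while the token was issued fine, the printed claim problems usually point at a mismatch between the issuer entered in the client provider form and the `iss` claim Azure AD actually puts in the token.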