Atlas/ WebApi authentication using Azure AD identity provider

hryniewieckiema · April 12, 2023, 1:55pm

Hi,
We are trying to enable security on Atlas and WebApi applications.
First we plan to enable authentication. We would like to authenticate users based on the Azure AD.
User will go to Atlas web page and if its not logged it will be redirected to microsoft Azure login page then after succesfull authentication will be able to use Atlas web page and also get data from database through WebApi.
Additionally both Atlas and WebApi are hosted on Azure webApp server.
Does anyone of you have experience how to configure applications to achieve this on Azure cloud env ?

I found that on Atlas there is config file called “config-local.js” which allows to specify auth provider.
For WebApi in settings.xml it is possible to specify auth configuration, but I’m not sure which one is the best for our scenario(we were thinking than maybe openID will help us).

Finally Microsoft added option to enable authentication for web applications but this seems to require code modifications in both frontend and backend(Tutorial: Authenticate users E2E - Azure App Service | Microsoft Learn)

Thank you in advance for any comments !

Sanjay_Udoshi · April 12, 2023, 6:01pm

Using this dockerized method to create a full stack environment is likely the best approach for you. Otherwise using the Azure tools will be a steep learning curve.

Try this locally using Docker-Desktop, and once your configuration works you can migrate it to a VM on Azure and make it generally available with security enabled.

We just completed a similar effort on Google Cloud. Join us on our beta discord channel if you would like to learn more: https://discord.gg/sfdS6Ex6

The implementers channel has a recent and detailed thread under LDAP security from which you can learn the detailed steps.

-Sanjay

Ajit_Londhe · April 12, 2023, 6:07pm

Use the develop branch if trying to use the new v3.0.0.

The official release of Broadsea v3.0.0 is scheduled for this Friday.

hryniewieckiema · April 19, 2023, 1:00pm

Thank you for your replies, @Sanjay_Udoshi using that dockerized method would it be possibile to configue WebApi to use data source spark/ databricks for CDM data ?

Sanjay_Udoshi · April 19, 2023, 5:15pm

Yes, absolutely. I don’t have experience with Spark, so I can’t help, but specifying your CDM is very easy once you have security enabled. If you don’t have security enabled, you will have to manually add the parameters (jdbc string to connect, username, password etc) in the webapi.source and webapi.source_daimon tables in the postgres backend for WebAPI.