MantisBT - TestLink
View Issue Details
0008591 | TestLink | User Authentication Methods | public | 2019-03-08 17:33 | 2019-03-14 20:52
buzzlightyear
normal | feature request | N/A
new | open
Linux | Debian | 9
1.9.19 (2019 Q1)
mysql
N/A
7.1
0008591: OAuth enhancement - microsoft oauth provider
Added oauth provider configuration and code to enable authentication using Microsoft accounts

Added new file microsoftoauth.php (copied relevant sections from login.php) to cater for Microsoft configuration that does not allow redirectURL to contain querystring for security purposes.

Pull request https://github.com/TestLinkOpenSourceTRMS/testlink-code/pull/188
No tags attached.
Issue History
2019-03-08 17:33 | buzzlightyear | New Issue
2019-03-09 13:27 | buzzlightyear | Note Added: 0028580
2019-03-09 13:31 | buzzlightyear | Note Edited: 0028580
2019-03-09 13:34 | buzzlightyear | Note Added: 0028581
2019-03-09 13:56 | buzzlightyear | Note Added: 0028582
2019-03-14 20:52 | fman | Note Added: 0028600

Notes
(0028580)
buzzlightyear   
2019-03-09 13:27   
(edited on: 2019-03-09 13:31)
1. To register an application go to https://apps.dev.microsoft.com.
2. After signing in with your Microsoft account add an application by clicking Add an app.
3. Enter a name for your application and click Create Application
4. The application will be created, and the application details page will be displayed, which will list the Application Id. Click Generate New Password to generate a new password. The generated password will be displayed, copy it to configure it later in TestLink and click Ok
5. Under Platforms click Add Platform and click Web
6. Enter https://yourtestlinkserver/microsoftoauth.php in the Redirect URL and https://yourtestlinkserver in the Logout URL. The User.Read should be displayed under Microsoft Graph permissions by default, click Save at the bottom of the page to store all the changes.
7. Connect to your testlink server, open config.inc.php in a text editor and uncomment the $tlCfg->OAuthServers[1] lines referring to Microsoft below the Github OAuth section
8. Set the oauth_client_id value to the Application Id from dev.apps.microsoft.com
9. Set the oauth_client_secret to the password generated in step 4.
10. Set the redirect_uri to the same value configured in the Redirect URL in step 6.
11. Save the config, and browse to the main page of your TestLink installation using your browser. You should see another button below the normal Log in button with the name Sign in with Microsoft. Click it, and you will be prompted for your Microsoft account details, after which you will have to give consent to the app (TestLink) to read your profile.
12. Click Yes, and you should be returned to your TestLink instance, and be logged in with a user with guest role.
13. You can change this to by default create a user with no rights, by editing config.inc.php and changing the value of $tlCfg->default_roleid to TL_ROLES_NO_RIGHTS;

Enjoy!

P.S. Microsoft might prompt (irritate?!) you to view the App configuration in the Azure portal, the instructions above are not for the Azure portal but for https://apps.dev.microsoft.com.
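
Added example, not part of the note above or of TestLink's code: a small PHP check for the redirect_uri value from steps 6 and 10, which must equal the registered Redirect URL and, per the issue description, cannot contain a query string. The function name, the https and path checks, and the sample URLs are assumptions made for illustration.

```php
<?php
// Added example (hypothetical helper, not TestLink code): validate a
// redirect_uri value before placing it in config.inc.php.

/**
 * Compare $redirectUri with the Redirect URL registered for the application.
 * Returns a list of problems; an empty list means the value is acceptable.
 */
function checkRedirectUri(string $redirectUri, string $registeredUri): array
{
    $parts = parse_url($redirectUri);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return ['not an absolute URL'];
    }

    $problems = [];
    if (strtolower($parts['scheme']) !== 'https') {
        $problems[] = 'scheme is not https';
    }
    // parse_url() omits an empty query or fragment, so also look for the raw marker.
    if (isset($parts['query']) || strpos($redirectUri, '?') !== false) {
        $problems[] = 'contains a query string';
    }
    if (isset($parts['fragment']) || strpos($redirectUri, '#') !== false) {
        $problems[] = 'contains a fragment';
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        $problems[] = 'contains embedded credentials';
    }
    if (basename($parts['path'] ?? '') !== 'microsoftoauth.php') {
        $problems[] = 'path does not end in microsoftoauth.php';
    }
    // Step 10: the configured value must be the same as the registered one.
    if ($redirectUri !== $registeredUri) {
        $problems[] = 'differs from the registered Redirect URL';
    }
    return $problems;
}

// Constructed sample values; only the first matches the registration in step 6.
$registered = 'https://yourtestlinkserver/microsoftoauth.php';
$candidates = [
    $registered,
    'https://yourtestlinkserver/login.php?provider=example',
    'http://yourtestlinkserver/microsoftoauth.php',
    'https://yourtestlinkserver/microsoftoauth.php/',
];
foreach ($candidates as $uri) {
    $problems = checkRedirectUri($uri, $registered);
    echo $uri, ' => ', $problems ? implode('; ', $problems) : 'OK', PHP_EOL;
}
```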

(0028581)
buzzlightyear   
2019-03-09 13:34   
Should you be viewing/editing via Azure, your applications can be viewed by navigating to https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade and clicking the Applications from personal account next to All applications and Own applications. I've noticed that my application was NOT listed under All applications, only under Applications from personal account.
(0028582)
buzzlightyear   
2019-03-09 13:56   
It is possible to use both Office365 accounts as well as personal Microsoft accounts to authenticate. I configured my application using a free personal Microsoft account.
(0028600)
fman   
2019-03-14 20:52   
Thanks for the details you have added.