Long gone are the days when you had to build your own user account management, authentication, and authorization for your web-delivered software. Instead, contemporary applications obtain these functions (Identity and Access Management, IAM for short) from an external provider. As a full-featured Java application runtime, Open Liberty has great options for externally provided IAM. Open Liberty supports IAM mainstays such as social media login, SAML, and OpenID Connect. Bruce Tiffany's blog post "Securing Open Liberty apps and micro-services with MicroProfile JWT and Social Media login" gives a solid example of how to use the Open Liberty social media login feature to authenticate users with their existing social media credentials. In this blog post, let's take a look at another example: how to configure the Liberty social login feature as an OpenID Connect client to secure Java applications with Azure Active Directory.

The code used in this blog post is hosted on this GitHub repository as part of the official Azure samples. Feel free to check it out and follow its user guide to run the Java EE demo application before or after reading this blog.

Set Up Azure Active Directory

Azure Active Directory (Azure AD) implements OpenID Connect (OIDC), an authentication protocol built on OAuth 2.0, which lets you securely sign in a user from Azure AD to an application. Before going into the sample code, you must first set up an Azure AD tenant and create an application registration with a redirect URL and client secret. The tenant ID, application (client) ID and client secret are used by Open Liberty to negotiate with Azure AD to complete an OAuth 2.0 authorization code flow.
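
To show where those three values end up, here is a `server.xml` fragment for the Liberty `socialLogin-1.0` feature, added as an illustration and not copied from the sample repository. The `id` value and the variable names `tenant.id`, `client.id` and `client.secret` are assumptions chosen for this example.

```xml
<server description="Azure AD OIDC client (added example)">

    <featureManager>
        <feature>appSecurity-3.0</feature>
        <feature>transportSecurity-1.0</feature>
        <!-- Provides the oidcLogin element used below -->
        <feature>socialLogin-1.0</feature>
    </featureManager>

    <!-- Trust the JVM's default CA certificates so Liberty can validate
         the TLS certificates presented by login.microsoftonline.com -->
    <ssl id="defaultSSLConfig" trustDefaultCerts="true" />

    <!--
      id:                hypothetical name; it becomes the last segment of the
                         redirect URL that must be registered in Azure AD:
                         https://<host>:<port>/ibm/api/social-login/redirect/aad-oidc-example
      clientId:          application (client) ID of the app registration
      clientSecret:      client secret of the app registration; supplied as a
                         variable so the value never lives in this file
      discoveryEndpoint: tenant-specific OIDC metadata document, from which
                         Liberty learns the authorization, token and JWKS URLs
      signatureAlgorithm / userNameAttribute: ID tokens are validated as
                         RS256-signed and the preferred_username claim is used
                         as the caller name
    -->
    <oidcLogin
        id="aad-oidc-example"
        clientId="${client.id}"
        clientSecret="${client.secret}"
        discoveryEndpoint="https://login.microsoftonline.com/${tenant.id}/v2.0/.well-known/openid-configuration"
        signatureAlgorithm="RS256"
        userNameAttribute="preferred_username" />

</server>
```

Keep the client secret out of source control: define the three variables outside `server.xml` (for example in the server's environment) and rotate the secret in Azure AD if it is ever exposed.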

Learn how to set up Azure AD from these articles:


Securing Open Liberty Applications With Azure Active Directory