extern/doc.rustdesk.com
1
0
Fork 1
mirror of https://github.com/rustdesk/doc.rustdesk.com.git synced 2025-02-25 14:42:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

More about Azure Redirect URIs restrictions

Browse Source 
Signed-off-by: fufesou <shuanglongchen@yeah.net>
This commit is contained in:
fufesou 2023-09-26 20:31:59 +08:00
parent 481161c41b
commit 10f993b9be
4 changed files with 24 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
content/self-host/rustdesk-server-pro/oidc/Azure/_index.en.md
View File

@ -9,24 +9,27 @@ weight: 16
2. Search for and select **Microsoft Entra ID**. 2. Search for and select **Microsoft Entra ID**.
3. In the left menu, select [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), click **New registration**. 3. In the left menu, select [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), click **New registration**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/1-Azure-NewRegistration.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/1-Azure-NewRegistration.png)
4. Enter the **Name** and select the **Supported account types**. Enter **Redirect URI**. In the **Redirect URI** section, replace `hbbs host` and `port` with your own, such as `localhost:8000`. 4. Open the RustDesk Pro console, in the **Settings** page, click the **OIDC** module. Then copy the **Callback url**. **Note**: The **Callback url** is not editable, the `Path` part is fixed to `api/oidc/callback`, and the `Protocol://Host:Port` part is the origin of the current web page. If you open it through the address `http://localhost:8000/<path>`, then the **Callback url** is `http://localhost:8000/api/oidc/callback`. If you open it through the address `https://192.168.0.1:8000/<path>` is opened, then the **Callback url** is `https://192.168.0.1:8000/api/oidc/callback`. Because Azure must use `https://` or `http://localhost`, please select the appropriate address to open your RustDesk Pro console.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/12-RustDesk-Callback.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register-RecirectURIs-Restrictions.png)
5. Input the **Name**, select the **Supported account types**, and paste the **Redirect URI** from RustDesk Pro.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register.png)
5. Open the RustDesk Pro console, in the **Settings** page, click the **OIDC** module, and click **New auth provider**. 6. In RustDesk Pro, click **New auth provider**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/3-RustDesk-NewAuthProvider.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/3-RustDesk-NewAuthProvider.png)
6. In Azure, select the application you want to use, click **Overview**, and copy the **Application (client) ID**. 7. In Azure, select the application you want to use, click **Overview**, and copy the **Application (client) ID**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/4-Azure-ClientID.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/4-Azure-ClientID.png)
7. In RustDesk Pro, paste the **Client id**. 8. In RustDesk Pro, paste the **Client id**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/5-RustDesk-ClientID.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/5-RustDesk-ClientID.png)
8. In Azure, **Certificates & secrets**, create a new or select a client secret, usually New. 9. In Azure, **Certificates & secrets**, create a new or select a client secret, usually New.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/6-Azure-NewOrSelectClientSecret.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/6-Azure-NewOrSelectClientSecret.png)
9. In Azure, copy the value of the client secret. **Note**: This value is only visible when you first register. It is no longer visible after you leave the page. Please keep this value properly. 10. In Azure, copy the value of the client secret. **Note**: This value is only visible when you first register. It is no longer visible after you leave the page. Please keep this value properly.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/7-Azure-CopySecretValue.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/7-Azure-CopySecretValue.png)
10. In RustDesk Pro, paste the value for the client secret. 11. In RustDesk Pro, paste the value for the client secret.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/8-RustDesk-FillClientSecret.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/8-RustDesk-FillClientSecret.png)
11. In RustDesk Pro, fill in the **Issuer** field, `https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`. Please replace `Directory (tenant) ID` with your **Directory (tenant) ID**. The **Directory (tenant) ID** is in Azure's app **Overview** panel. 12. In RustDesk Pro, fill in the **Issuer** field, `https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`. Please replace `Directory (tenant) ID` with your **Directory (tenant) ID**. The **Directory (tenant) ID** is in Azure's app **Overview** panel.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/9-RustDesk-Issuer.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/9-RustDesk-Issuer.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/10-Azure-TenantID.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/10-Azure-TenantID.png)
12. In Azure, select "Authentication" menu. Then set up authorization, by choosing **ID tokens (used for implicit and hybrid flows)**. 13. In Azure, select "Authentication" menu. Then set up authorization, by choosing **ID tokens (used for implicit and hybrid flows)**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/11-Azure-Auth.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/11-Azure-Auth.png)

22
content/self-host/rustdesk-server-pro/oidc/Azure/_index.zh-cn.md
View File

@ -9,30 +9,32 @@ weight: 16
2. 查找并选择 **Microsoft Entra ID** 2. 查找并选择 **Microsoft Entra ID**
3. 选择左侧菜单的 [**应用注册**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps),点击 **新注册** 3. 选择左侧菜单的 [**应用注册**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps),点击 **新注册**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/1-Azure-NewRegistration.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/1-Azure-NewRegistration.png)
4. 输入 **名称** ,选择 **受支持的帐户类型** 。输入 **重定向 URI**。在 **重定向 URI** 部分, 请将 `hbbs host``port` 替换为你自己的,如 `localhost:8000` 4. 打开 RustDesk Pro 控制台,进入 **设置** 页,点击 **OIDC** 模块,复制 **Callback url** 。**注****Callback url** 是不可编辑的,`Path`部分固定是`api/oidc/callback``Protocol://Host:Port` 部分是当前网页的值。如您是通过地址 `http://localhost:8000/<path>` 打开的,那么 **Callback url** 就是 `http://localhost:8000/api/oidc/callback` ,如果您是通过地址 `https://192.168.0.1:8000/<path>` 打开的,那么 **Callback url** 就是 `https://192.168.0.1:8000/api/oidc/callback` 。因为 Azure 必须用 `https://` 或者 `http://localhost` ,请选择合适的地址打开您的 RustDesk Pro 控制台。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/12-RustDesk-Callback.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register-RecirectURIs-Restrictions.png)
5. 输入 **名称** ,选择 **受支持的帐户类型** ,粘贴刚才复制的 **重定向 URI**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register.png)
5. 打开 RustDesk Pro 控制台,进入 **设置** 页,点击 **OIDC** 模块,点击 **New auth provider** 6. 在 RustDesk Pro 中,点击 **New auth provider**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/3-RustDesk-NewAuthProvider.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/3-RustDesk-NewAuthProvider.png)
6. 在 Azure 中,选择你想使用的应用,点击 **概要**,拷贝 **应用程序(客户端) ID** 7. 在 Azure 中,选择你想使用的应用,点击 **概要**,拷贝 **应用程序(客户端) ID**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/4-Azure-ClientID.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/4-Azure-ClientID.png)
7. 在 RustDesk Pro 中,粘贴 **Client id** 8. 在 RustDesk Pro 中,粘贴 **Client id**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/5-RustDesk-ClientID.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/5-RustDesk-ClientID.png)
8. 在 Azure 中, **证书和密码** ,新建或选择 **客户端密码**,一般是新建。 9. 在 Azure 中, **证书和密码** ,新建或选择 **客户端密码**,一般是新建。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/6-Azure-NewOrSelectClientSecret.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/6-Azure-NewOrSelectClientSecret.png)
9. 在 Azure 中,复制出客户端密码的值。**注**:只有刚注册时,这个值才是可见的,离开页面后不再可见,请妥善保管这个值。 10. 在 Azure 中,复制出客户端密码的值。**注**:只有刚注册时,这个值才是可见的,离开页面后不再可见,请妥善保管这个值。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/7-Azure-CopySecretValue.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/7-Azure-CopySecretValue.png)
10. 在 RustDesk Pro 中,粘贴客户端密码的值。 11. 在 RustDesk Pro 中,粘贴客户端密码的值。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/8-RustDesk-FillClientSecret.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/8-RustDesk-FillClientSecret.png)
11. 在 RustDesk Pro 中,填入 **Issuer** 字段,`https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`。请将 `Directory (tenant) ID` 替换为您的 **目录(租户) ID**。**目录(租户) ID** 在 Azure 的应用 **概要** 面板中。 12. 在 RustDesk Pro 中,填入 **Issuer** 字段,`https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`。请将 `Directory (tenant) ID` 替换为您的 **目录(租户) ID**。**目录(租户) ID** 在 Azure 的应用 **概要** 面板中。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/9-RustDesk-Issuer.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/9-RustDesk-Issuer.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/10-Azure-TenantID.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/10-Azure-TenantID.png)
12. 在 Azure 中, 选择 **身份验证** 菜单,设置授权,选择 **ID 令牌(用于隐式流和混合流)** 13. 在 Azure 中, 选择 **身份验证** 菜单,设置授权,选择 **ID 令牌(用于隐式流和混合流)**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/11-Azure-Auth.png) ![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/11-Azure-Auth.png)
## 故障排除 ## 故障排除
## 参考 ## 参考
- [openid-settings](https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings) - [openid-settings](https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings)

BIN
content/self-host/rustdesk-server-pro/oidc/Azure/images/12-RustDesk-Callback.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 156 KiB

BIN
content/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register-RecirectURIs-Restrictions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB