extern/doc.rustdesk.com
1
0
Fork 1
mirror of https://github.com/rustdesk/doc.rustdesk.com.git synced 2024-12-26 17:09:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #307 from fufesou/doc/oidc_azure_redirect_uris_restrictions

Browse Source 
More about Azure Redirect URIs restrictions
This commit is contained in:
RustDesk 2023-09-26 21:05:25 +08:00 committed by GitHub
commit dca4ac6b9e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 24 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
content/self-host/rustdesk-server-pro/oidc/Azure/_index.en.md
View File

@ -9,24 +9,27 @@ weight: 16
2. Search for and select **Microsoft Entra ID**.
3. In the left menu, select [**App registrations**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps), click **New registration**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/1-Azure-NewRegistration.png)
4. Enter the **Name** and select the **Supported account types**. Enter **Redirect URI**. In the **Redirect URI** section, replace `hbbs host` and `port` with your own, such as `localhost:8000`.
4. Open the RustDesk Pro console, in the **Settings** page, click the **OIDC** module. Then copy the **Callback url**. **Note**: The **Callback url** is not editable, the `Path` part is fixed to `api/oidc/callback`, and the `Protocol://Host:Port` part is the origin of the current web page. If you open it through the address `http://localhost:8000/<path>`, then the **Callback url** is `http://localhost:8000/api/oidc/callback`. If you open it through the address `https://192.168.0.1:8000/<path>` is opened, then the **Callback url** is `https://192.168.0.1:8000/api/oidc/callback`. Because Azure must use `https://` or `http://localhost`, please select the appropriate address to open your RustDesk Pro console.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/12-RustDesk-Callback.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register-RecirectURIs-Restrictions.png)
5. Input the **Name**, select the **Supported account types**, and paste the **Redirect URI** from RustDesk Pro.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register.png)
5. Open the RustDesk Pro console, in the **Settings** page, click the **OIDC** module, and click **New auth provider**.
6. In RustDesk Pro, click **New auth provider**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/3-RustDesk-NewAuthProvider.png)
6. In Azure, select the application you want to use, click **Overview**, and copy the **Application (client) ID**.
7. In Azure, select the application you want to use, click **Overview**, and copy the **Application (client) ID**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/4-Azure-ClientID.png)
7. In RustDesk Pro, paste the **Client id**.
8. In RustDesk Pro, paste the **Client id**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/5-RustDesk-ClientID.png)
8. In Azure, **Certificates & secrets**, create a new or select a client secret, usually New.
9. In Azure, **Certificates & secrets**, create a new or select a client secret, usually New.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/6-Azure-NewOrSelectClientSecret.png)
9. In Azure, copy the value of the client secret. **Note**: This value is only visible when you first register. It is no longer visible after you leave the page. Please keep this value properly.
10. In Azure, copy the value of the client secret. **Note**: This value is only visible when you first register. It is no longer visible after you leave the page. Please keep this value properly.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/7-Azure-CopySecretValue.png)
10. In RustDesk Pro, paste the value for the client secret.
11. In RustDesk Pro, paste the value for the client secret.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/8-RustDesk-FillClientSecret.png)
11. In RustDesk Pro, fill in the **Issuer** field, `https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`. Please replace `Directory (tenant) ID` with your **Directory (tenant) ID**. The **Directory (tenant) ID** is in Azure's app **Overview** panel.
12. In RustDesk Pro, fill in the **Issuer** field, `https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`. Please replace `Directory (tenant) ID` with your **Directory (tenant) ID**. The **Directory (tenant) ID** is in Azure's app **Overview** panel.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/9-RustDesk-Issuer.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/10-Azure-TenantID.png)
12. In Azure, select "Authentication" menu. Then set up authorization, by choosing **ID tokens (used for implicit and hybrid flows)**.
13. In Azure, select "Authentication" menu. Then set up authorization, by choosing **ID tokens (used for implicit and hybrid flows)**.
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/11-Azure-Auth.png)

22
content/self-host/rustdesk-server-pro/oidc/Azure/_index.zh-cn.md
View File

@ -9,30 +9,32 @@ weight: 16
2. 查找并选择 **Microsoft Entra ID**
3. 选择左侧菜单的 [**应用注册**](https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/RegisteredApps),点击 **新注册**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/1-Azure-NewRegistration.png)
4. 输入 **名称** ,选择 **受支持的帐户类型** 。输入 **重定向 URI**。在 **重定向 URI** 部分, 请将 `hbbs host``port` 替换为你自己的,如 `localhost:8000`
4. 打开 RustDesk Pro 控制台,进入 **设置** 页,点击 **OIDC** 模块,复制 **Callback url** 。**注****Callback url** 是不可编辑的,`Path`部分固定是`api/oidc/callback``Protocol://Host:Port` 部分是当前网页的值。如您是通过地址 `http://localhost:8000/<path>` 打开的,那么 **Callback url** 就是 `http://localhost:8000/api/oidc/callback` ,如果您是通过地址 `https://192.168.0.1:8000/<path>` 打开的,那么 **Callback url** 就是 `https://192.168.0.1:8000/api/oidc/callback` 。因为 Azure 必须用 `https://` 或者 `http://localhost` ,请选择合适的地址打开您的 RustDesk Pro 控制台。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/12-RustDesk-Callback.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register-RecirectURIs-Restrictions.png)
5. 输入 **名称** ,选择 **受支持的帐户类型** ,粘贴刚才复制的 **重定向 URI**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register.png)
5. 打开 RustDesk Pro 控制台,进入 **设置** 页,点击 **OIDC** 模块,点击 **New auth provider**
6. 在 RustDesk Pro 中,点击 **New auth provider**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/3-RustDesk-NewAuthProvider.png)
6. 在 Azure 中,选择你想使用的应用,点击 **概要**,拷贝 **应用程序(客户端) ID**
7. 在 Azure 中,选择你想使用的应用,点击 **概要**,拷贝 **应用程序(客户端) ID**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/4-Azure-ClientID.png)
7. 在 RustDesk Pro 中,粘贴 **Client id**
8. 在 RustDesk Pro 中,粘贴 **Client id**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/5-RustDesk-ClientID.png)
8. 在 Azure 中, **证书和密码** ,新建或选择 **客户端密码**,一般是新建。
9. 在 Azure 中, **证书和密码** ,新建或选择 **客户端密码**,一般是新建。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/6-Azure-NewOrSelectClientSecret.png)
9. 在 Azure 中,复制出客户端密码的值。**注**:只有刚注册时,这个值才是可见的,离开页面后不再可见,请妥善保管这个值。
10. 在 Azure 中,复制出客户端密码的值。**注**:只有刚注册时,这个值才是可见的,离开页面后不再可见,请妥善保管这个值。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/7-Azure-CopySecretValue.png)
10. 在 RustDesk Pro 中,粘贴客户端密码的值。
11. 在 RustDesk Pro 中,粘贴客户端密码的值。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/8-RustDesk-FillClientSecret.png)
11. 在 RustDesk Pro 中,填入 **Issuer** 字段,`https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`。请将 `Directory (tenant) ID` 替换为您的 **目录(租户) ID**。**目录(租户) ID** 在 Azure 的应用 **概要** 面板中。
12. 在 RustDesk Pro 中,填入 **Issuer** 字段,`https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0`。请将 `Directory (tenant) ID` 替换为您的 **目录(租户) ID**。**目录(租户) ID** 在 Azure 的应用 **概要** 面板中。
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/9-RustDesk-Issuer.png)
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/10-Azure-TenantID.png)
12. 在 Azure 中, 选择 **身份验证** 菜单,设置授权,选择 **ID 令牌(用于隐式流和混合流)**
13. 在 Azure 中, 选择 **身份验证** 菜单,设置授权,选择 **ID 令牌(用于隐式流和混合流)**
![](/docs/en/self-host/rustdesk-server-pro/oidc/Azure/images/11-Azure-Auth.png)
## 故障排除
## 参考
- [openid-settings](https://learn.microsoft.com/en-us/power-pages/security/authentication/openid-settings)

BIN
content/self-host/rustdesk-server-pro/oidc/Azure/images/12-RustDesk-Callback.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 156 KiB

BIN
content/self-host/rustdesk-server-pro/oidc/Azure/images/2-Azure-Register-RecirectURIs-Restrictions.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB