Enabling Microsoft Azure Authenticator for Tanzu Application Platform (TAP)

In this blog post, I will help you configure Microsoft Azure Authenticator for Tanzu Application Platform GUI so that only authenticated users can log in. There are several providers that you can configure, and Azure Authenticator is the one we will cover in this post. Once authentication is enabled, the TAP GUI will ask you to log in.

Prerequisites

  • TAP GUI is configured to be accessible over HTTPS. If you need help configuring this, you can refer to my post here
  • You have an Azure App created
  • TAP Instance is up and running (I have tested this with TAP 1.1)
  • Create a client secret for the Azure app
  • Note down the client ID, client secret and tenant ID for the app

Enabling Azure Authenticator for TAP

  • Open your tap-values.yaml file (named tap11-values.yaml in the command below) and add the parameters related to Azure Authenticator
  • Update the tap package by running the following command
❯ tanzu package installed update tap -p tap.tanzu.vmware.com -v 1.1.0 --values-file tap11-values.yaml -n tap-install
| Updating installed package 'tap' 
- Getting package install for 'tap' 
- Getting package metadata for 'tap.tanzu.vmware.com' 
- Updating secret 'tap-tap-install-values' 
- Updating package install for 'tap' 
\ Waiting for 'PackageInstall' reconciliation for 'tap' 

| 'PackageInstall' resource successfully reconciled 
Updated installed package 'tap' in namespace 'tap-install'

  • Once the package update is successful, open the TAP GUI in a browser and you will notice that it now asks you to log in.
  • Click Sign In. After signing in, you will be asked to allow some permissions.
  • You may see an error about the redirect URI. If so, update the redirect URI under the Azure app. It is in the format `https://<tap-gui-host>.ingressdomain-name/api/auth/microsoft/handler/frame`
  • And, you are successfully logged in.
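
The parameters added to the values file in the first step, shown as an added example (not taken from the original post). The key layout follows the TAP GUI `app_config` convention and the Backstage Microsoft provider doc listed under Reference Docs; every value is a placeholder for the client ID, client secret and tenant ID noted in the prerequisites.

```yaml
# Added example: Azure (Microsoft) auth provider block for the TAP values file.
# All <...> values are placeholders, not real identifiers.
tap_gui:
  app_config:
    auth:
      # Must match the key used under providers.microsoft below.
      environment: development
      providers:
        microsoft:
          development:
            clientId: <AZURE_APP_CLIENT_ID>
            # The secret created for the Azure app. It ends up in the
            # 'tap-tap-install-values' secret when the package is updated,
            # so keep this file out of version control and restrict who can
            # read secrets in the tap-install namespace.
            clientSecret: <AZURE_APP_CLIENT_SECRET>
            # Pins sign-in to a single Azure AD tenant.
            tenantId: <AZURE_TENANT_ID>

# Redirect URI to register under the Azure app (format from the step above):
#   https://<tap-gui-host>.ingressdomain-name/api/auth/microsoft/handler/frame
```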

Validating Authentication Provider on TAP GUI

Once you are successfully logged in to the TAP GUI, navigate to Settings from the left navigation menu and click Authentication Provider. Notice the login status and provider.

  • We have now successfully validated the authentication.

Reference Docs

  • Redirect URI Error

https://docs.microsoft.com/en-gb/azure/active-directory/develop/reply-url

  • Backstage Doc for Auth provider configuration

https://backstage.io/docs/auth/microsoft/provider
