Multi-Tenant Web APP - aad.config.json

[vespo92]

Hello World,

I have continued to search for this without any success and haven't found any documentation nor received any follow up to my thread on stack overflow.

The only file I can see necessary to change for Single to Multi-Tenant is the AAD.config.json file.

Auth works fine for the hosting tenant when set to Multi-Tenant both with the and without the "/oauth2/token" tail .

In Dev Console

First:
crbug/1173575, non-JS module files deprecated.

Followed by:

" Mixed content: The page at "https://subdomain.domain.com/ /social-auth/complete/azuread-oauth2/?code=LONGSTRING&session_state=SHORTSTRING#' was loaded over a secure connection, but contains a form that targets an insecure endpoint 'http://dpaste.com/'. This endpoint should be made available over a secure connection."

This makes me think it's something outside of AAD and it's a Django issue but on Django side I just get referred to this.

https://github.com/python-social-auth/social-core/blob/dbc880c0d7a7a560de6c09e53ed7a2cf4bc0df01/social_core/utils.py#L256

Initial ? thread:

https://stackoverflow.com/questions/77909518/msal-multi-tenant-web-app-aad-config-json

[rayluo]

Hi @vespo92 , it is hard to tell from your description which sample you started with. We have recently been working on a new Django sample for Microsoft Entra ID. Would you mind give it a try, and then ask your follow-up questions in that repo? Also, please subscribe/watch that repo to receive its new version update notification.

[vespo92]

Hi @rayluo I appreciate the direction. That repo does not have a discussions thread, but to give more context for transparency as we started this journey back in October, there has been dramatic changes since, I will highlight below:

We started with https://learn.microsoft.com/training/modules/msid-django-web-app-sign-in/ which now redirects to https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-web-app-python-sign-in?tabs=windows (leaving full hyperlinks for context).

From there we followed the https://github.com/azure-samples/ms-identity-python-utilities repo which now redirects to https://github.com/Azure-Samples/ms-identity-python-samples-common, still holding the aad.django.config.json which we have in our project folder and added the social-auth-app--django into requirements and settings.py, allowing for the Host Tenant to have successful authentication. External Tenants end up getting the "AuthCanceled at /social-auth/complete/azuread-oauth2/" error messages which appears to be an incompatibility with python-social-auth for multi-tenant applications. To confirm, the Entra ID configuration is set to Multi-Tenant and the MPN ID is application verified with Microsoft.

As a side note, it appears that the Azure-identity is now being deprecated for identity from what I have read on the new Django sample for Microsoft Entra ID.

[rayluo]

I appreciate the direction. That repo does not have a discussions thread

Interesting. I tried to interact with community via Github Discussions, but many people just settled with good old Github Issues. What are the reasons that you prefer Github Discussions over Github Issues?

Anyway. I have enabled the discussions in that new sample's repo just now.

We will shift the follow-up conversations there.