
How to Add Microsoft Entra ID (Azure AD) Authentication (SSO and MFA) to a Java Web Application in 5 Mins with No-Code Datawiza


Integrating Microsoft Entra ID (formerly Azure AD) authentication, including SSO (Single Sign-On) and MFA (Multi-Factor Authentication), into a Java web application normally means changing application code against an SDK, which is complex and expensive. Datawiza’s no-code solution moves that integration out of the application and into a configuration-driven proxy in front of it, so it can be set up with a few clicks in as little as 5 minutes.

In this blog post, we’ll discuss the drawbacks of using Java SDKs for Microsoft Entra ID authentication and demonstrate how Datawiza’s solution provides a streamlined alternative.

Challenges of using Java SDKs for Microsoft Entra ID SSO and MFA

  1. Complexity: Implementing Microsoft Entra ID authentication (SSO and MFA) with Java SDKs requires in-depth knowledge of various protocols, such as SAML, OAuth 2.0 and OpenID Connect (OIDC). This complexity can lead to longer development times and increased risk of errors.

  2. Maintenance: Your development team must continuously monitor and update Java SDKs to stay compatible with the latest Microsoft Entra ID (Azure AD) features and to pick up security fixes. An SDK that falls behind on patches becomes a security liability, so this is an ongoing workload, not a one-time cost.

Datawiza: A Simplified Solution for Microsoft Entra ID Authentication

Datawiza streamlines the process of integrating Azure AD authentication into your Java web application, providing several key benefits:

  1. Easy Integration: Datawiza eliminates the need for manual configuration and management of authentication protocols. Our solution handles the complexities of Azure AD integration, allowing you to focus on developing your application.

  2. Centralized Management: Datawiza enables centralized management of authentication policies across multiple applications, ensuring consistent security and access controls throughout your organization.

  3. Enhanced Security: Datawiza’s platform is regularly updated to support the latest Azure AD features and security updates, providing you with a secure and reliable authentication solution.

  4. Reduced Development Time: By streamlining the integration process, Datawiza significantly reduces development time, allowing your team to launch your application faster and more efficiently.

Ready to see how easy it is?  Let’s get started!

Introduction to the Datawiza Platform

The Datawiza Platform is a cloud-delivered, SaaS-based access management solution. It includes a data plane and a control plane: Datawiza Access Proxy and Datawiza Cloud Management Console (DCMC).

Datawiza Access Proxy is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Azure AD on behalf of your applications, so you don’t need to worry about the integration work.

DCMC is a cloud-based management console where you can configure and manage the policies of Datawiza Access Proxy. Such a SaaS-based design makes the whole platform much easier to use.

Prerequisites

Run a Java web application

We use the sample from the Spring.io guide Building an Application with Spring Boot as the example in this section. The application listens on port 8080 and simply returns “Greetings from Spring Boot!”


Step 1: Configurations in Datawiza Cloud Management Console

First, log in to the Datawiza Cloud Management Console (DCMC) with your Azure AD Admin Account. This account needs permission to create an application registration in your Azure AD tenant, because the IdP step below can register the application on your behalf.

The Get started function will guide you through the configuration. After logging in to the DCMC, click on the “Get started” button and follow the steps.

[Screenshot: Access Broker]

Enter some basic information, such as the deployment name and description:

[Screenshot: Deployment Name]

Now Add an Application:

[Screenshot: Add Application]

Configure your application with the following values:

  • Platform: Web
  • App Name: Demo App
  • Public Domain: http://localhost:9772
  • Listen Port: 9772
  • Upstream Servers: http://host.docker.internal:8080

Note that Upstream Servers is the address of the Java application as seen from inside the Datawiza Access Proxy container, which is why it is not simply http://localhost:8080:

  • If you use Mac or Windows, set Upstream Servers to http://host.docker.internal:8080 (requires Docker 18.03+).
  • If you use Linux, run ip addr show docker0 to get the Docker host IP (e.g., 172.17.0.1) and set Upstream Servers to http://172.17.0.1:8080.

Next Configure the IdP:

[Screenshot: Configure IdP]

Select Microsoft Azure Active Directory as the Identity Provider and keep the Automatic Generator option enabled. Automatic Generator is an advanced feature offered by Datawiza and Azure AD: it creates a new application registration on your behalf in your Azure AD tenant, which is why the account you logged in with needs permission to create app registrations. Click Create and wait for the interaction with Azure AD to finish. All the configuration is then set automatically.

Alternatively, if you want to use an existing application registration in your Azure AD tenant, disable the option and fill in the form. The Tenant ID, Client ID, and Client Secret are needed. The tutorial on the right side and the documentation explain how to create an application registration in Azure AD and find these values in your tenant. Treat the Client Secret as a credential: it is what lets the proxy authenticate to Azure AD as your application, so keep it out of source control and rotate it if it is ever exposed.

[Screenshot: Configure IdP, manual entry of Tenant ID, Client ID and Client Secret]

In the last step, DCMC provides the command lines to pull the Datawiza Access Proxy image and a docker-compose file to run it. Execute the command lines in steps 1 and 2, and save the docker-compose file from step 3, as shown below.

[Screenshot: logging in to the Docker registry]

Step 2: Run Datawiza Access Proxy as a sidecar (agent) to your application

After finishing the configuration in DCMC, run the Datawiza Access Proxy with the docker-compose YAML file you saved in the previous step. In this walkthrough the file is named datawiza-access-broker.yaml.

Now, we can use docker-compose to create and start the Datawiza Access Proxy:

docker-compose -f datawiza-access-broker.yaml up -d

That’s it. After executing the command above, requests to http://localhost:9772 pass through the Datawiza Access Proxy, which requires an Azure AD sign-in before forwarding them to the Java application. Keep in mind what the proxy does and does not cover: the application itself is still listening on port 8080, and any client that can reach that port directly bypasses the proxy and its authentication. That is fine for a local demo, but in a real deployment make sure only the proxy can reach the application port (for example by not publishing it to clients, or by binding it to the proxy’s network or loopback).

Now, let’s give it a try.

Open a browser and go to http://localhost:9772. Instead of the application, you should be redirected to the Azure AD login page:

[Screenshot: Microsoft sign-in page]

If MFA is turned on for the signing-in account, you also need to complete the MFA step as shown below. MFA is enforced by Azure AD according to your tenant’s policies; the proxy simply relies on Azure AD having completed it before the sign-in succeeds.

After logging in to Azure AD, the Java web application will be shown.

[Screenshot: the Java application served at localhost:9772]
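
Seeing the sign-in page in a browser proves the happy path. A practitioner also wants to confirm two things that a screenshot cannot: that the proxy turns every unauthenticated request into a redirect to Azure AD, and that the Java application cannot be reached directly on its own port, which would bypass the proxy altogether. The script below is an added example written for this post, not part of Datawiza’s tooling or the Spring sample. It assumes the ports used in this walkthrough (9772 for the proxy, 8080 for the application) and that the proxy’s first redirect lands on https://login.microsoftonline.com/; if your deployment redirects through an intermediate hop first, the result reads redirect-elsewhere and you follow that hop by hand.

```shell
#!/usr/bin/env bash
# Added example for this post (not Datawiza's code). Verifies from the Docker
# host that the sidecar enforces sign-in and that the upstream Java app is not
# reachable without it.
# Assumptions (taken from the walkthrough): proxy on 9772, Spring Boot app on
# 8080, Entra ID sign-in hosted under https://login.microsoftonline.com/.

PROXY_URL="${PROXY_URL:-http://localhost:9772/}"
UPSTREAM_URL="${UPSTREAM_URL:-http://localhost:8080/}"

# classify_response "<raw HTTP response headers>"
# Prints one of:
#   redirect-to-idp    3xx whose Location is under login.microsoftonline.com
#   redirect-elsewhere 3xx to any other host (an intermediate hop, or a bug)
#   open               200 with no sign-in: content served unauthenticated
#   other:<code>       anything else (empty code if nothing answered)
classify_response() {
  headers="$1"
  status=$(printf '%s\n' "$headers" | head -n 1 | tr -d '\r' | awk '{print $2}')
  location=$(printf '%s\n' "$headers" | tr -d '\r' \
             | awk 'tolower($1) == "location:" {print $2; exit}')
  case "$status" in
    301|302|303|307|308)
      case "$location" in
        https://login.microsoftonline.com/*) echo "redirect-to-idp" ;;
        *) echo "redirect-elsewhere" ;;
      esac ;;
    200) echo "open" ;;
    *) echo "other:$status" ;;
  esac
}

# fetch_headers URL: response headers only, without following redirects,
# so we see the proxy's own answer rather than the Azure AD login HTML.
fetch_headers() {
  curl -sS -o /dev/null -D - --max-time 5 "$1"
}

# run_checks: returns 1 if the proxy does not redirect to Entra ID, or if the
# upstream answers directly (auth bypass: that traffic never met the proxy).
run_checks() {
  proxy_result=$(classify_response "$(fetch_headers "$PROXY_URL")")
  upstream_result=$(classify_response "$(fetch_headers "$UPSTREAM_URL" 2>/dev/null || true)")
  echo "proxy    $PROXY_URL -> $proxy_result"
  echo "upstream $UPSTREAM_URL -> $upstream_result"
  rc=0
  [ "$proxy_result" = "redirect-to-idp" ] \
    || { echo "FAIL: proxy did not redirect unauthenticated request to Entra ID"; rc=1; }
  [ "$upstream_result" != "open" ] \
    || { echo "FAIL: upstream reachable without sign-in; expose it to the proxy only"; rc=1; }
  return $rc
}

# Live checks run only on request, e.g.:  ./check-sso.sh --live
if [ "${1:-}" = "--live" ]; then
  run_checks
fi
```

Run it with --live on the Docker host after docker-compose up. A result of open for the upstream URL means anyone who can reach port 8080 gets “Greetings from Spring Boot!” without ever signing in; the fix is on the Docker side (stop publishing that port to clients and let only the proxy reach it), not in Datawiza or Azure AD.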

Summary

Congratulations! You secured a Java web application by adding Azure AD authentication using Datawiza, in minutes instead of weeks or months. This is only a small sampling of what Datawiza can do. See Datawiza’s online docs or official website for much more information, or sign up for a free trial.

Written by the Datawiza team. We hope you enjoyed it! If you have any questions or need help, join us on our Discord server.