Microsoft Windows Live sign-in

Add Windows Live sign-in as an authentication method to Integrity Web

Let your consumers use their existing Windows Live account to sign in to any service protected by Integrity Web.

Guide prerequisite:

Integrity Web installed
DNS-name and certificates in place for the Integrity Web https-host
Enterprise Entra ID admin account (for production purposes, for test you may use another Entra ID account)

Add authentication method

Add this configuration to the Authn module in the configuration:

  {
                        "id": "mswindowslive",
                        "type": "OIDCRP",
                        "config": {
                            "base_path": "/saml/authn",
                            "discovery_metadata_url": "https://login.live.com/.well-known/openid-configuration",
                            "internal_http_destination": "default",
                           "client_id": "windows.client.id.value",
                            "client_secret": "windows.client.secret.value",
                            "redirect_uri": "https://my.own.host/saml/authn/mswindowslive",
                            "jwt_subject_parameter": "email",
                           "scope" : "openid email"
                        }
                    }

Change the DNS host name of the redirect_uri to match your environment. Copy the value of the redirect_uri as this will be used in a later step.

Microsoft Azure AD (Entra ID) configuration

Sign in to portal.azure.com
Click App registrations
Click New registration
Enter a name, such as Integrity
Select the third option, Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)
Add the redirect URI copied from previous step. Select Web as the platform. Example:

Click Register
Select Certificates and Secrets
Client Secrets
New client secret
Enter a description, such as Integrity
Select Expires
Click Add
Once created, copy the client secret value (shown in the column Value). This will be used in a later step.
Click Overview
Copy the Application (client) id value. This will be used in a later step.

Add client credentials

Open the Integrity Web configuration
Locate the Windows Live Authentication method added in previous step
Replace the client_id and client_secret values with the values copied in previous step.

Example:

  {
                        "id": "mswindowslive",
                        "type": "OIDCRP",
                        "config": {
                            "base_path": "/saml/authn",
                            "discovery_metadata_url": "https://login.live.com/.well-known/openid-configuration",
                            "internal_http_destination": "default",
                           "client_id": "frs3123-45db-123e-9cf1-561eaacad221",
                            "client_secret": "gu22~jSHT.234jsdsd234sdfP~uFlykHkSq34sdgsg",
                            "redirect_uri": "https://my.own.host/saml/authn/mswindowslive",
                            "jwt_subject_parameter": "email",
                           "scope" : "openid email"
                        }
                    }

Test

Alter the configuration to point to the new Windows Live authenticator, either directly or as a selector option.

Browse to the service protected by Integrity Web.

Select Windows Live as authentication method.

Your browser should now be redirected to the Windows Live sign-in site.

Enter your Windows Live credentials and approve the authentication.

You should now be redirected back to Integrity and then to the service with a valid authentication.

Use server.log for error tracing and debugging. Fix accordingly and test again.

Sample configuration

A sample Integrity Web configuration, including a number of different social provider sign-in options, can be downloaded here.

PreviousGoogle sign-in NextFacebook sign-in

Last updated 2 years ago