This is an enhancement. Previously, saml2federation.config or AzureADB2c.config were stored in web.config. Any changes to these configurations resulted into app domain loading/unloading and 1st call slowness. Additionally, any mistake in configuration led to entire POD failure. To overcome this problem, service providers and their respective metadata from saml2Federation.config will be extracted and saved in separate config files. These new config files for the tenant will be stored within "SSO" folder, so that all config files/hook configs reside in one folder. It will be done for Multi-Tenant (MT) and Single Tenant (ST) environments. Single file for both OAuth and Saml2 configuration will be created and maintained. OAuth section will have default OAuth providers and SAML section will have specific service provider configuration.
For SAML2 configuration
- DevOps team will create PowerShell script in BD (New Infra and Upgrade) to separate service providers and their respective metadata from saml2Federation.config and save them in different config files. These new config files will be stored within "SSO" folder, so that all config files/hook configs for that tenant reside in one folder. It will be done for both Multi-Tenant (MT) and Single Tenant (ST) environments.
- Single file will be created and maintained for both OAuth and Saml2 configurations. OAuth section will have default OAuth providers and SAML section will have specific service provider configuration.
- The naming convention of the file would be the service provider’s “<<TenantName>>.config”.
- Read the newly created config files in the code to get the SSO configuration.
- Take backup of saml2Federation.config and AzureADB2C.config files
- Delete saml2Federation.config and AzureADB2C.config files.
- Delete the following sections from web.config file
<saml2Federation configSource="saml2Federation.config"></saml2Federation> and <oauth configSource="AzureAdB2C.config"></oauth>
OAUTH
- DevOps team will create a PowerShell script in BD (New Infra and Upgrade) to separate OAuth Providers from AzureAdB2C.config and save them in different config files. These new config files will be stored in “SSO” folder, so that all config files/hook configs for that tenant resides in one folder. It will be done for both Multi-Tenant (MT) and Single Tenant (ST) environments.
- Single file will be created and maintained for both OAuth and Saml2 configurations. OAuth section will have default OAuth providers and SAML section will have specific service provider configuration
- The naming convention of the file would be tenant name “<<TenantName>>.config”. This file will have all the OAuth providers entry based on the OAuthProvider key value in tenant specific json file.
- Read the newly created config files in the code to get the SSO configuration.
- Take backup of AzureAdB2C.config and Saml2Federation.config files
- Delete file AzureAdB2C.config and Saml2Federation.config files
- Delete following sections from web.config file
<saml2Federation configSource="saml2Federation.config"></saml2Federatio> and <oauth configSource="AzureAdB2C.config"></oauth>
Other Authentication Type
- DevOps team will create a PowerShell script in BD (New Infra and Upgrade) to create default file containing default OAuth Providers from AzureAdB2C.config and save them in different config files. These new config files will be stored in tenant specific folder inside "SSO" folder, so that all config files/hook configs for that tenant resides in one folder. It will be done for both Multi-Tenant (MT) and Single Tenant (ST) environments.
- The naming convention of the file would be tenant name “<<TenantName>>.config”. This file will have only default OAuth providers entries necessary and saml service provider in the section will be left blank
- Read the newly created config files in the code to get the SSO configuration.
- Take backup of AzureAdB2C.config and saml2Federation.config files
- Delete AzureAdB2C.config and saml2Federation.config files
- Delete the following sections from web.config file
<oauth configSource="AzureAdB2C.config"></oauth> and <saml2Federation configSource="saml2Federation.config"></saml2Federation>