Commit

update pic link from relative to absolute ones (Azure#21251)
* update pic link from relative to absolute ones

* update cert starter
yiliuTo authored May 10, 2021
1 parent 7641fcd commit 6df89d4
Showing 3 changed files with 39 additions and 39 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ accept or deny access after validating access_token obtained from Azure AD. We w
1. Accessing a resource server.
1. Resource server accessing other resource servers.

![B2C Web application & Web Api Overall](resource/b2c-webapp-webapi-overall.png)
![B2C Web application & Web Api Overall](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/b2c-webapp-webapi-overall.png)

### Accessing a web application
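
Review bot: The new image target on the `b2c-webapp-webapi-overall.png` line is a `github.com/.../blob/master/...` URL, which addresses GitHub's HTML file view rather than the PNG bytes, so a Markdown renderer that fetches the link directly receives a web page instead of an image. If the reason for switching to absolute links is to make the README display outside the repository view, use the raw form (`https://raw.githubusercontent.com/Azure/azure-sdk-for-java/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/b2c-webapp-webapi-overall.png`, or the same `blob` URL with `?raw=true` appended) here and in the other hunks.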

Expand All @@ -71,7 +71,7 @@ This scenario uses the [The OAuth 2.0 authorization code grant] flow to login in
select **Delegated permissions**, check **offline_access** and **openid** permissions, select **Add permission** to complete the process.

1. Grant admin consent for ***Graph*** permissions.
![Add Graph permissions](resource/add-graph-permissions.png)
![Add Graph permissions](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/add-graph-permissions.png)

1. Add the following dependencies in your *pom.xml*.

Expand Down Expand Up @@ -219,13 +219,13 @@ This scenario is based on **Accessing a web application** scenario to allow appl
}
```

![Configure WebApiA appRoles](resource/configure-app-roles.png)
![Configure WebApiA appRoles](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/configure-app-roles.png)

1. Select **API permissions** > **Add a permission** > **My APIs**, select ***WebApiA*** application name,
select **Application Permissions**, select **WebApiA.SampleScope** permission, select **Add permission** to complete the process.

1. Grant admin consent for ***WebApiA*** permissions.
![Add WebApiA permission](resource/add-webapia-permission.png)
![Add WebApiA permission](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/add-webapia-permission.png)

1. Add the following dependency on the basis of **Accessing a web application** scenario.

Expand Down Expand Up @@ -392,10 +392,10 @@ This scenario is an upgrade of **Accessing a resource server**, supports access
}
```

![Configure WebApiB appRoles](resource/expose-web-api-b-approle.png)
![Configure WebApiB appRoles](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/expose-web-api-b-approle.png)

1. Grant admin consent for ***WebApiB*** permissions.
![Add WebApiB permission](resource/add-webapib-permission-to-webapia.png)
![Add WebApiB permission](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory-b2c/resource/add-webapib-permission-to-webapia.png)

1. On the basis of **Accessing a resource server**, add a dependency in your *pom.xml*.
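
Review bot: Both replaced links in this hunk (`expose-web-api-b-approle.png` and `add-webapib-permission-to-webapia.png`) are pinned to the `master` branch, a mutable ref, so a README published with a given release will show whatever those paths hold on `master` later, or nothing if the files are moved or the branch is renamed. These screenshots document the app-role and admin-consent steps, so they should match the released text: point the links at a release tag or commit SHA instead of `master`.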

24 changes: 12 additions & 12 deletions sdk/spring/azure-spring-boot-starter-active-directory/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -31,14 +31,14 @@ This scenario uses the [The OAuth 2.0 authorization code grant] flow to login in

**System diagram**:

![Standalone Web Application](resource/web-application.png)
![Standalone Web Application](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/web-application.png)


* Step 1: Make sure `redirect URI` has been set to `{application-base-uri}/login/oauth2/code/`, for
example `http://localhost:8080/login/oauth2/code/`. Note the tailing `/` cannot be omitted.

![web-application-set-redirect-uri-1.png](resource/web-application-set-redirect-uri-1.png)
![web-application-set-redirect-uri-2.png](resource/web-application-set-redirect-uri-2.png)
![web-application-set-redirect-uri-1.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/web-application-set-redirect-uri-1.png)
![web-application-set-redirect-uri-2.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/web-application-set-redirect-uri-2.png)

* Step 2: Add the following dependencies in your pom.xml.
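
Review bot: The two redirect-URI images in Step 1 keep their file names as alt text (`web-application-set-redirect-uri-1.png`, `web-application-set-redirect-uri-2.png`), which tells a reader nothing when the image fails to load from the remote URL. Since these lines are being rewritten anyway, give them descriptive alt text the way the `Standalone Web Application` image above does, and fix `tailing` to `trailing` in the neighbouring sentence about the final `/`.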

Expand Down Expand Up @@ -96,7 +96,7 @@ example `http://localhost:8080/login/oauth2/code/`. Note the tailing `/` cannot

**System diagram**:

![web-application-visiting-resource-servers.png](resource/web-application-visiting-resource-servers.png)
![web-application-visiting-resource-servers.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/web-application-visiting-resource-servers.png)

* Step 1: Make sure `redirect URI` has been set, just like [Accessing a web application].

Expand Down Expand Up @@ -150,7 +150,7 @@ This scenario not support login. Just protect the server by validating the acces

**System diagram**:

![Standalone resource server usage](resource/resource-server.png)
![Standalone resource server usage](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/resource-server.png)

To use **aad-starter** in this scenario, we need these steps:

Expand Down Expand Up @@ -179,8 +179,8 @@ To use **aad-starter** in this scenario, we need these steps:
```
Both `client-id` and `app-id-uri` can be used to verify access token. `app-id-uri` can be get in Azure Portal:

![get-app-id-uri-1.png](resource/get-app-id-uri-1.png)
![get-app-id-uri-2.png](resource/get-app-id-uri-2.png)
![get-app-id-uri-1.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/get-app-id-uri-1.png)
![get-app-id-uri-2.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/get-app-id-uri-2.png)

* Step 3: Write Java code:
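
Review bot: The sentence directly above the two `get-app-id-uri` images, "`app-id-uri` can be get in Azure Portal", needs a grammar fix (`can be found in the Azure Portal`), and it leaves the lookup entirely to the screenshots, which are now loaded from a remote URL. Add a short text description of where the value is shown in the portal so the step still works when the images are unavailable, and consider stating what "used to verify access token" means for `client-id` versus `app-id-uri`.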

Expand Down Expand Up @@ -212,7 +212,7 @@ This scenario support visit other resource servers in resource servers.

**System diagram**:

![resource-server-visiting-other-resource-servers.png](resource/resource-server-visiting-other-resource-servers.png)
![resource-server-visiting-other-resource-servers.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/resource-server-visiting-other-resource-servers.png)

To use **aad-starter** in this scenario, we need these steps:

Expand Down Expand Up @@ -480,7 +480,7 @@ This starter supports [Conditional Access] policy. By using [Conditional Access]

In [Resource server visiting other resource server] scenario(For better description, we think that resource server with OBO function as **webapiA** and the other resource servers as **webapiB**), When we configure the webapiB application with Conditional Access(such as [multi-factor authentication]), this stater will help us send the Conditional Access information of the webapiA to the web application and the web application will help us complete the Conditional Access Policy. As shown below:

![aad-conditional-access-flow.png](resource/aad-conditional-access-flow.png)
![aad-conditional-access-flow.png](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/aad-conditional-access-flow.png)



Expand All @@ -491,13 +491,13 @@ In [Resource server visiting other resource server] scenario(For better descript

* Step 1: Follow the guide to create conditional access policy for webapiB.

![aad-create-conditional-access](resource/aad-create-conditional-access.png)
![aad-create-conditional-access](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/aad-create-conditional-access.png)

![aad-conditional-access-add-application](resource/aad-conditional-access-add-application.png)
![aad-conditional-access-add-application](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/aad-conditional-access-add-application.png)

* Step 2: [Require MFA for all users] or specify the user account in your policy.

![aad-create-conditional-access](resource/aad-conditional-access-add-user.png)
![aad-create-conditional-access](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/resource/aad-conditional-access-add-user.png)

* Step 3: Follow the guide, configure our samples.
1. **webapiB**: [configure webapiB]
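
Review bot: In Step 2 the alt text `aad-create-conditional-access` is attached to `aad-conditional-access-add-user.png`, duplicating the alt text of the first image in Step 1, so the label does not describe the screenshot. Change it to `aad-conditional-access-add-user` (or a descriptive phrase) while this line is being edited.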
Original file line number Diff line number Diff line change
Expand Up @@ -28,39 +28,39 @@ Azure Key Vault Certificates Spring Boot Starter is Spring starter for [Azure Ke
1. Input `Key Vault`.

1. Click `Key Vault`
![Find Azure Key Vault Resource 01](resource/creating-an-azure-key-vault-01.png)
![Find Azure Key Vault Resource 01](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/creating-an-azure-key-vault-01.png)

![Find Azure Key Vault Resource 02](resource/creating-an-azure-key-vault-02.png)
![Find Azure Key Vault Resource 02](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/creating-an-azure-key-vault-02.png)

1. Click **Create**.

![Create new Key Vault](resource/creating-an-azure-key-vault-03.png)
![Create new Key Vault](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/creating-an-azure-key-vault-03.png)

1. On the **Create key vault** page, input `Subscription`, `Resource group`, `Key vault name` and `Pricing tier`, then click `Review + Create`.

![Specify the options](resource/specify-the-options.png)
![Specify the options](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/specify-the-options.png)

![Create Key Vault resource](resource/create-key-vault-resource.png)
![Create Key Vault resource](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/create-key-vault-resource.png)

1. When complete, click `Go to resource`.

![Go to resource](resource/go-to-resource.png)
![Go to resource](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/go-to-resource.png)

1. When the page for your app registration appears, copy your **Vault URI**;

![Save vault uri](resource/save-vault-uri.png)
![Save vault uri](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/save-vault-uri.png)

1. Click **Certificates** in the left navigation pane. Then click **Generate/Import**.

![Create Certificates](resource/create-certificates.png)
![Create Certificates](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/create-certificates.png)

1. Enter a **Certificates name**, and enter a **Subject** like `CN=mydomain.com`. then click **create**.

![Specify Certificates Info](resource/specify-certificates-info.png)
![Specify Certificates Info](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/specify-certificates-info.png)

1. After the certificate is successfully created, it takes a while for the status to become `Enabled`. You can click **refresh** to check current status.

![Check Certificates status](resource/check-certificates-status.png)
![Check Certificates status](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/check-certificates-status.png)

## Key concepts
This starter allows you to securely manage and tightly control your certificates by using Azure Key Vault or side-load certificates by supplying them as part of the application.
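
Review bot: Every link in this hunk hard-codes the module directory `sdk/spring/azure-spring-boot-starter-keyvault-certificates` as well as the `master` branch, so renaming or moving the starter, which the old relative `resource/...` paths followed automatically, now breaks each screenshot without any build failure. Add a link check to CI for these READMEs, or pin the URLs to a tag, so a broken reference is caught before release.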
Expand All @@ -74,31 +74,31 @@ This starter allows you to securely manage and tightly control your certificates

2. Click **Azure Active Directory**.

![Select Azure Active Directory](resource/select-azure-active-directory.png)
![Select Azure Active Directory](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/select-azure-active-directory.png)

1. From the portal menu, Click **App registrations**,

1. Click **New registration**.

![New registration](resource/new-registration.png)
![New registration](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/new-registration.png)

1. Specify your application, and then Click **Register**.

![Specify application](resource/specify-application.png)
![Specify application](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/specify-application.png)

1. When the page for your app registration appears, copy your **Application ID** and the **Tenant ID**;

![Get info for app](resource/get-info-for-app.png)
![Get info for app](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/get-info-for-app.png)

1. Click **Certificates & secrets** in the left navigation pane. Then click **New client secret**.

1. Add a **Description** and click duration in the **Expires** list. Click **Add**. The value for the key will be automatically filled in.

![Create secrets](resource/create-secrets.png)
![Create secrets](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/create-secrets.png)

1. Copy and save the value of the client secret. (You will not be able to retrieve this value later.)

![Copy secrets](resource/copy-secrets.png)
![Copy secrets](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/copy-secrets.png)

Add these items in your `application.yml`:
```yaml
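
Review bot: The steps ending at `copy-secrets.png` have the reader save a client secret, and the next instruction is "Add these items in your `application.yml`" with no word on how that value should be handled. If the client secret is one of those items, say here that it should be supplied from an environment variable or a secret store rather than committed in the file, and point to the `Using a managed identity` section further down as the alternative.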
Expand All @@ -119,23 +119,23 @@ Make sure the client-id can access target Key Vault. Here are steps to configure
1. Type your key vault name in **Search resources, services, and docs** and click your key vault created before.
![Back to key vault](resource/back-to-key-vault.png)
![Back to key vault](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/back-to-key-vault.png)
1. Click **Access policies** in the left navigation pane. Then click **Add Access Policy**.
![Add Access Policy](resource/add-access-policy.png)
![Add Access Policy](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/add-access-policy.png)
1. Select **Key, Secret, &Certificate Management** as **Configure for template(optional)**. Permissions will be added automatically.
![Select configure](resource/select-configure.png)
![Select configure](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/select-configure.png)
1. Click **None selected** and choose application created before, click **Select**, then click **Add**.
![Choose application](resource/choose-application.png)
![Choose application](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/choose-application.png)
1. Click **Save**.
![Save Access Policy](resource/save-access-policy.png)
![Save Access Policy](https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-keyvault-certificates/resource/save-access-policy.png)
#### Using a managed identity
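
Review bot: The step "Select **Key, Secret, &Certificate Management**" tells the reader to apply a management template to the application's client-id, while the context line in this hunk's header states the goal only as "Make sure the client-id can access target Key Vault". Document the specific permissions the starter needs instead of the full template, and fix the missing space in `&Certificate` while these lines are open.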
