Azure Authenticator

This topic describes Azure Authenticator API.

Use the Azure Authenticator API to send an authentication request from the Azure instance to Conjur.

For more information about the Azure Authenticator, see Azure Authenticator.

URI

 
POST https://<Conjur-server-hostname>/authn-azure/<service-id>/<account>/<host-id>/authenticate

URI Parameters

service-id

The ID of your Azure Authenticator webservice , for example AzureWs1

account

The organization account name

host-id

The identity of the application running on the Azure VM.

This value should be the full hostname and should include URL encoding for the forward slash (/), for example, host%2Fazure-apps%2FazureVM.

Request

Header

Accept-Encoding: base64
Content-Type: application/x-www-form-urlencoded
 

To encode the access token, you need to include base64 as the encoding format in the Accept-Encoding header. If base64 is not included in the header, a raw token is returned using application/json as the content type.

Body

The body must include the Azure access token for Azure instance.

jwt=eyJhbGciOiJSUzI1NiIs......uTonCA

Example REST request

 
curl -k --request POST 'https://example.com/authn-azure/test/cucumber/host%2Fazure-apps%2Ftest-app-3a/authenticate' --header 'Content-Type: application/x-www-form-urlencoded' --header "Accept-Encoding: base64" --data-urlencode 'jwt=eyJ0e......jjjkl'

Response

Code

Description

200

The response body is the access token

400

Bad request. Check that the body is correct.

401

The request lacks valid authentication credentials

Response 200 example

Header

 
Content-Encoding: base64
Content-Type: text/plain

Body

Returns a base 64 access token of the host whose Azure AD token is provided in the input:

 
eyJwcm90ZWN0ZWQiOiJleUpoYkdjaU9pSmpiMjVxZFhJdWIzSm5MM05zYjNOcGJHOHZkaklpTENKcmFXUWlPaUkyTXpka05HWTFZMlU1WVdJd05ESTVOR0ZpWkRNNFptTmhPV00zWW1Nek5qWTVaak16TWprNU5UUXdZamhsTm1ZeU5tRTBNVGM1T0RFeE1HSm1aRGcwSW4wPSIsInBheWxvYWQiOiJleUp6ZFdJaU9pSmhaRzFwYmlJc0ltbGhkQ0k2TVRVNU9EYzJPVFUwTUgwPSIsInNpZ25hdHVyZSI6Ik5ya25FQTc2MnoweC1GVmRRakZHZVRUbkJzeXFBdlBHSWEyZUxZV3IyYVVGZDU5dHk0aGMxSlRsVGptdmpGNWNtVDNMUnFGbDhYYzNwMDhabEhjbVc0cTdiVnFtM21odmZEdVNVaE13RzhKUk4yRFZQVHZKbkFiT1NPX0JGdWhKdmk2OGJEVGxZSFFmUF81WHY1VWtuWHlLUDR2dGNoSjloMHJuVXN0T0F1YWlkM0RyQW5RV1c2dDRaMzRQajJhT2JrTkZ1TlMxNDBsamNwZ1A1dHdfU19ISzB6d1dlSXF4cjh6eUpTbk5aNjJ1WlhZV25zU051WGZtSWdtVVo2cTJFeVZWWUJ1Zk5SZTNVUmFkU09OYjRIcnFyX21UaGctWHUzMjA2N1h3QmNWZ3lWQ0JrcWtybktuRW1vRzlMRWs2ZjdNQVpDX1BXZnA4NXQ1VFFhVm1iZFlqT2lDTW9GMFoxYkhyZGN2MC1LRnpNRGxHa0pCS1Jxb0xYYkFGakhjMCJ9

For more information about using the access token, see How to use the access token.