Connect BizTalk 2016 to Azure AD

  • Question

  • Hi,

    What is the best way to connect from BizTalk (on premise) to Azure AD?

    Is that possible?

    Thanks,

    Alex


    Wednesday, November 16, 2016 1:49 PM

Answers

  • The idea is to read all Azure AD users and synchronize them with an external application.

    Relatively unexplored area. You can make use of The Azure Active Directory Graph REST API and connect using WCF-Webhttp adapter.

    The Azure Active Directory Graph API provides programmatic access to Azure Active Directory through REST API endpoints. Apps can use the Azure AD Graph API to perform create, read, update, and delete (CRUD) operations on directory data and directory objects, such as users, groups, and organizational contacts.

    Azure Active Directory Graph API topic on Azure.com: Provides a brief overview of Graph API features and scenarios.

    Refer: Operations on users | Graph API reference

    Performing REST operations on users

    To perform operations on users with the Graph API, you send HTTP requests with a supported method (GET, POST, PATCH, PUT, or DELETE) to an endpoint that targets the users resource collection, a specific user, a navigation property of a user, or a function or action that can be called on a user.

    Graph API requests use the following basic URL:

    https://graph.windows.net/{tenant_id}/{resource_path}?{api_version}[odata_query_parameters]

    You specify the resource path differently depending on whether you are targeting the collection of all users in your tenant, an individual user, or a navigation property of a specific user.

    • /users targets the user resource collection. You can use this resource path to read all users or a filtered list of users in your tenant or to create one or more new users in your tenant.


    Rachit Sikroria (Microsoft Azure MVP)

    Wednesday, November 16, 2016 7:01 PM
    Moderator
  • Hi Rachit,

    could you please provide:

    How can I map the msg from the Graph REST API?

    Is it necessary to create a schema, or can I get the schema from the API?

    Thx,

    Alex

    Hi,

    You have to first construct a Graph API URL against which you want to perform CRUD operations. As you would be performing a GET operation you won't be needing a sample request, as GET operations do not require a message payload; they are entirely URL driven.

    So, if you wish to retrieve all the users from Active Directory, your URL will be something like:

    https://graph.windows.net/myorganization/users?api-version[&$filter]

    For any specific user you wish to retrieve, the URL will be like:

    https://graph.windows.net/myorganization/users/{user_id}?api-version

    Refer Operations on users | Graph API reference to explore how to go about it.

    Once you have the URL ready you can make use of tools like Fiddler to test the service and get the JSON response from it. Then you can use the JSON schema wizard to create the XML schemas from your JSON payload.

    On how to consume the RESTful endpoint in BizTalk you can refer to the articles below:


    http://social.technet.microsoft.com/wiki/contents/articles/18935.biztalk-server-2013-consuming-a-restful-endpoint-using-wcf-webhttp.aspx

    https://seroter.wordpress.com/2012/11/19/exploring-rest-capabilities-of-biztalk-server-2013-part-2-consuming-rest-endpoints/


    Rachit Sikroria (Microsoft Azure MVP)

    Tuesday, November 22, 2016 2:36 AM
    Moderator
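As an added illustration of the URL pattern and the JSON-to-records step described in this answer (example code written for this page, not from the thread or from Microsoft), the following Python builds the users URL and pages through constructed sample responses. The api-version value 1.6, the odata.nextLink paging field and the sample directory data are assumptions; the live call's bearer token belongs in the Authorization header set by the fetch callable, never in the URL.

```python
import json
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import quote, urlencode

GRAPH_BASE = "https://graph.windows.net"

def build_users_url(tenant: str, api_version: str, user_id: Optional[str] = None,
                    odata_filter: Optional[str] = None) -> str:
    """Build https://graph.windows.net/{tenant}/users[/{user_id}]?api-version=..[&$filter=..]."""
    if not api_version:
        raise ValueError("api-version is required")  # fail early instead of at call time
    if user_id and odata_filter:
        raise ValueError("$filter applies to the collection, not to a single user")
    path = f"/{quote(tenant, safe='')}/users" + (f"/{quote(user_id, safe='')}" if user_id else "")
    params = {"api-version": api_version}
    if odata_filter:
        params["$filter"] = odata_filter
    return f"{GRAPH_BASE}{path}?{urlencode(params, safe='$')}"

def parse_users_page(body: str) -> Tuple[List[Dict], Optional[str]]:
    """Extract only the sync-relevant fields from one JSON page, plus the paging link if any."""
    data = json.loads(body)
    users = [{"objectId": u["objectId"], "userPrincipalName": u["userPrincipalName"],
              "displayName": u.get("displayName"), "accountEnabled": u.get("accountEnabled")}
             for u in data.get("value", [])]
    # Assumption: "odata.nextLink" is a path relative to the tenant when more pages exist.
    return users, data.get("odata.nextLink")

def fetch_all_users(tenant: str, api_version: str, fetch: Callable[[str], str],
                    max_pages: int = 100) -> List[Dict]:
    """Follow paging until no nextLink; 'fetch' does the authenticated GET (token in header)."""
    url, users = build_users_url(tenant, api_version), []
    for _ in range(max_pages):  # hard cap so a misbehaving server cannot loop us forever
        page, next_link = parse_users_page(fetch(url))
        users.extend(page)
        if not next_link:
            return users
        url = f"{GRAPH_BASE}/{quote(tenant, safe='')}/{next_link}&api-version={api_version}"
    raise RuntimeError("paging did not terminate within max_pages")

# Constructed sample responses (not real directory data), keyed by URL, standing in for the live service.
TENANT, API_VERSION = "contoso.onmicrosoft.com", "1.6"
NEXT = "directoryObjects/$/Microsoft.DirectoryServices.User?$skiptoken=X'PLACEHOLDER'"
SAMPLE_RESPONSES = {
    build_users_url(TENANT, API_VERSION): json.dumps({"value": [{"objectId": "00000000-0000-0000-0000-000000000001",
        "userPrincipalName": "alice@contoso.onmicrosoft.com", "displayName": "Alice", "accountEnabled": True}],
        "odata.nextLink": NEXT}),
    f"{GRAPH_BASE}/{TENANT}/{NEXT}&api-version={API_VERSION}": json.dumps({"value": [{"objectId":
        "00000000-0000-0000-0000-000000000002", "userPrincipalName": "bob@contoso.onmicrosoft.com",
        "displayName": "Bob", "accountEnabled": False}]}),
}

def demo() -> List[Dict]:
    return fetch_all_users(TENANT, API_VERSION, lambda url: SAMPLE_RESPONSES[url])
```

The first page's response is what you would paste into the JSON schema wizard; note that the same `odata.nextLink` handling is needed in the orchestration, or a tenant with more than one page of users will be synchronized only partially.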
  • Thanks Rachit.
    Tuesday, November 22, 2016 8:16 AM

All replies

  • Hello Alexander,

    You can make use of BizTalk WCF Behaviour Extension for WAAD Authentication

    In BizTalk you can then configure a send port to send to an API which is secured with Azure AD and you will be able to easily obtain a token to access the service in a very standard BizTalk fashion through send port configuration.  Below is an example of the configuration of the behaviour extension on a BizTalk send port.

    Port Config


    Rachit Sikroria (Microsoft Azure MVP)

    Wednesday, November 16, 2016 2:01 PM
    Moderator
  • Thanks.

    And could you then read all Azure AD users and save them in a DB for sync with other applications?

    Wednesday, November 16, 2016 2:52 PM
  • What do you mean by 'connect'?

    What precisely are you trying to do?

    Wednesday, November 16, 2016 3:23 PM
  • The idea is to read all Azure AD users and synchronize them with an external application.
    Wednesday, November 16, 2016 3:29 PM
  • Really very interesting approach.

    What do you think about using PowerShell in an Orchestration to read Azure AD users?

    Wednesday, November 16, 2016 9:03 PM
  • Well! Not directly through BizTalk, but you can execute a PowerShell script from a C# helper and call the helper from the orchestration. These articles may be helpful for you:

    How to run PowerShell scripts from C#:

    https://blogs.msdn.microsoft.com/kebab/2014/04/28/executing-powershell-scripts-from-c/

    http://www.codeproject.com/Articles/18229/How-to-run-PowerShell-scripts-from-C

    Having said that, the right approach will be to make use of the Azure Active Directory Graph REST API and connect using the WCF-WebHttp adapter.


    Rachit Sikroria (Microsoft Azure MVP)

    Thursday, November 17, 2016 4:00 AM
    Moderator
  • Hi Rachit

    Thanks for the information. I will report which way has worked.

    Thursday, November 17, 2016 9:25 AM
  • Hi Rachit,

    could you please provide:

    How can I map the msg from the Graph REST API?

    Is it necessary to create a schema, or can I get the schema from the API?

    Thx,

    Alex

    Monday, November 21, 2016 4:18 PM
  • Hi Alexander. ActiveADAPTER (where I work) is developing an Azure AD adapter for this. An evaluation version is scheduled to be on our web site in late January. I will be interested to hear how you get on with the solutions suggested here. Cheers, Cameron.
    Tuesday, November 22, 2016 1:15 AM
  • Hi Alexander,

    For the benefit of future readers, can you please mark the posts as "Mark as answer" which helped you find the solution for your requirement.


    Rachit Sikroria (Microsoft Azure MVP)

    Tuesday, November 22, 2016 8:37 AM
    Moderator