OctopusDeploy · tothegills · Oct 8, 2021 · Oct 8, 2021 · Oct 8, 2021 · Oct 9, 2021
@@ -0,0 +1,8 @@
+# Run this script after installing a new version of Octopus Server, but before starting it (due to file lock and dependency load issues).
+
+$OctopusServerBinaryLocation = "E:\Program Files\Octopus Deploy\Octopus" # Make sure this points to where you install the Octopus Server binaries
+$OctopusServerCustomExtensionsLocation = "C:\ProgramData\Octopus\CustomExtensions\" # This should always point to where the Octopus Server CustomExtenions folder lives
+
+Copy-Item "$OctopusServerBinaryLocation\Octopus.Data.dll" -Destination "$OctopusServerCustomExtensionsLocation" -Force
+Copy-Item "$OctopusServerBinaryLocation\Octopus.Server.Extensibility.Authentication.dll" -Destination "$OctopusServerCustomExtensionsLocation" -Force
+Copy-Item "$OctopusServerBinaryLocation\BuiltInExtensions\Octopus.Server.Extensibility.Authentication.OpenIDConnect.Common.dll" -Destination "$OctopusServerCustomExtensionsLocation" -Force
@@ -24,5 +24,9 @@
     <None Include="..\..\LICENSE.txt" Pack="true" PackagePath=""/>
     <None Include="..\..\build\icon.png" Pack="true" PackagePath=""/>
   </ItemGroup>
-
+    <ItemGroup>
+        <Reference Include="Octopus.Server.Client">
+            <HintPath>C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.Client.dll</HintPath>
+        </Reference>
+    </ItemGroup>
 </Project>
@@ -1,6 +1,7 @@
 using System.ComponentModel;
 using Octopus.Client.Extensibility.Attributes;
 using Octopus.Client.Extensibility.Authentication.OpenIDConnect.Configuration;
+using Octopus.Client.Model;
 
 namespace Octopus.Client.Extensibility.Authentication.AzureAD.Configuration
 {
@@ -16,5 +17,10 @@ public AzureADConfigurationResource()
         [Description("Tell Octopus how to find the roles/groups in the security token from Azure Active Directory (usually \"roles\" or \"groups\")")]
         [Writeable]
         public string RoleClaimType { get; set; }
+
+        [DisplayName("Client Access Key")]
+        [Description("The Azure app registration secret access key. This is used for authenticating against the Azure GraphAPI for group overage lookups. If left blank it will disable Azure GraphAPI lookups. [Learn more](https://github.com/StephenShamakian/OpenIDConnectAuthenticationProviders#readme)")]
+        [Writeable]
+        public SensitiveValue ClientKey { get; set; }
     }
 }
@@ -15,13 +15,13 @@
     <PackageProjectUrl>https://github.com/OctopusDeploy/OpenIDConnectAuthenticationProviders</PackageProjectUrl>
   </PropertyGroup>
 
-  <ItemGroup>
-    <PackageReference Include="Octopus.Server.Client" Version="11.2.3319" />
-  </ItemGroup>
-
   <ItemGroup>
     <None Include="..\..\LICENSE.txt" Pack="true" PackagePath="" />
     <None Include="..\..\build\icon.png" Pack="true" PackagePath="" />
   </ItemGroup>
-
+<ItemGroup>
+    <Reference Include="Octopus.Server.Client">
+        <HintPath>C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.Client.dll</HintPath>
+    </Reference>
+</ItemGroup>
 </Project>
@@ -13,26 +13,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Server.OpenIDConnect.Common
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Server.AzureAD", "Server.AzureAD\Server.AzureAD.csproj", "{8CBCE54C-D501-4ED8-A716-DE64AE5198DA}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Server.GoogleApps", "Server.GoogleApps\Server.GoogleApps.csproj", "{6796E715-F1FA-445D-AF1F-F6C9023A8D07}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Server.Okta", "Server.Okta\Server.Okta.csproj", "{3C7C3079-DF0E-484F-8556-10B18127450B}"
-EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Tests", "Tests", "{C354DA8E-D532-4DAE-8D61-E4F50A0139C8}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Tests", "Tests\Tests.csproj", "{00680371-A6E1-435F-9966-2450C2723E91}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Client.OpenIDConnect", "Client.OpenIDConnect\Client.OpenIDConnect.csproj", "{2B189A86-73DB-495F-B2B7-104672DB1580}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Client.AzureAD", "Client.AzureAD\Client.AzureAD.csproj", "{A0DD0DD3-B040-45D7-A4E3-C4601C63D8B9}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Client.GoogleApps", "Client.GoogleApps\Client.GoogleApps.csproj", "{30B0B7CB-8DF3-4DA0-9956-83CCCAD8694F}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Client.Okta", "Client.Okta\Client.Okta.csproj", "{580B0996-346B-44F5-8411-C9F8EA04869D}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Server.OctopusID", "Server.OctopusID\Server.OctopusID.csproj", "{F0421EFD-B724-4A4F-BC0D-9394B4EE520E}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Client.OctopusID", "Client.OctopusID\Client.OctopusID.csproj", "{4186AB53-9506-4932-AF33-A5D013DA590C}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "_build", "..\build\_build.csproj", "{C9D46DEE-82B4-48B1-968D-5E2B64B96B18}"
 EndProject
 Global
@@ -51,18 +35,6 @@ Global
 		{8CBCE54C-D501-4ED8-A716-DE64AE5198DA}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{8CBCE54C-D501-4ED8-A716-DE64AE5198DA}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{8CBCE54C-D501-4ED8-A716-DE64AE5198DA}.Release|Any CPU.Build.0 = Release|Any CPU
-		{6796E715-F1FA-445D-AF1F-F6C9023A8D07}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{6796E715-F1FA-445D-AF1F-F6C9023A8D07}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{6796E715-F1FA-445D-AF1F-F6C9023A8D07}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{6796E715-F1FA-445D-AF1F-F6C9023A8D07}.Release|Any CPU.Build.0 = Release|Any CPU
-		{3C7C3079-DF0E-484F-8556-10B18127450B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{3C7C3079-DF0E-484F-8556-10B18127450B}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{3C7C3079-DF0E-484F-8556-10B18127450B}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{3C7C3079-DF0E-484F-8556-10B18127450B}.Release|Any CPU.Build.0 = Release|Any CPU
-		{00680371-A6E1-435F-9966-2450C2723E91}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{00680371-A6E1-435F-9966-2450C2723E91}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{00680371-A6E1-435F-9966-2450C2723E91}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{00680371-A6E1-435F-9966-2450C2723E91}.Release|Any CPU.Build.0 = Release|Any CPU
 		{2B189A86-73DB-495F-B2B7-104672DB1580}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{2B189A86-73DB-495F-B2B7-104672DB1580}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{2B189A86-73DB-495F-B2B7-104672DB1580}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -71,28 +43,11 @@ Global
 		{A0DD0DD3-B040-45D7-A4E3-C4601C63D8B9}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{A0DD0DD3-B040-45D7-A4E3-C4601C63D8B9}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{A0DD0DD3-B040-45D7-A4E3-C4601C63D8B9}.Release|Any CPU.Build.0 = Release|Any CPU
-		{30B0B7CB-8DF3-4DA0-9956-83CCCAD8694F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{30B0B7CB-8DF3-4DA0-9956-83CCCAD8694F}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{30B0B7CB-8DF3-4DA0-9956-83CCCAD8694F}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{30B0B7CB-8DF3-4DA0-9956-83CCCAD8694F}.Release|Any CPU.Build.0 = Release|Any CPU
-		{580B0996-346B-44F5-8411-C9F8EA04869D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{580B0996-346B-44F5-8411-C9F8EA04869D}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{580B0996-346B-44F5-8411-C9F8EA04869D}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{580B0996-346B-44F5-8411-C9F8EA04869D}.Release|Any CPU.Build.0 = Release|Any CPU
-		{F0421EFD-B724-4A4F-BC0D-9394B4EE520E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{F0421EFD-B724-4A4F-BC0D-9394B4EE520E}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{F0421EFD-B724-4A4F-BC0D-9394B4EE520E}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{F0421EFD-B724-4A4F-BC0D-9394B4EE520E}.Release|Any CPU.Build.0 = Release|Any CPU
-		{4186AB53-9506-4932-AF33-A5D013DA590C}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{4186AB53-9506-4932-AF33-A5D013DA590C}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{4186AB53-9506-4932-AF33-A5D013DA590C}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{4186AB53-9506-4932-AF33-A5D013DA590C}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
-		{00680371-A6E1-435F-9966-2450C2723E91} = {C354DA8E-D532-4DAE-8D61-E4F50A0139C8}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {6EC7C479-5684-490E-B66E-D85F4F015923}

@@ -11,12 +11,31 @@ namespace Octopus.Server.Extensibility.Authentication.AzureAD
     class AzureADApi : OpenIDConnectModule<AzureADUserAuthenticationAction, IAzureADConfigurationStore, AzureADUserAuthenticatedAction, IAzureADAuthTokenHandler, IAzureADIdentityCreator>
     {
         public AzureADApi(
-            IAzureADConfigurationStore configurationStore, AzureADAuthenticationProvider authenticationProvider)
+            IAzureADConfigurationStore configurationStore,
+            AzureADAuthenticationProvider authenticationProvider)
             : base(configurationStore, authenticationProvider)
         {
-            Add<AzureADUserAuthenticationAction>("POST", authenticationProvider.AuthenticateUri, RouteCategory.Raw, new AnonymousWhenEnabledEndpointInvocation<IAzureADConfigurationStore>(), null, "OpenIDConnect");
-            Add<AzureADUserAuthenticatedAction>("POST", configurationStore.RedirectUri, RouteCategory.Raw, new AnonymousWhenEnabledEndpointInvocation<IAzureADConfigurationStore>(), null, "OpenIDConnect");
-            Add<AzureADUserAuthenticatedPkceAction>("GET", configurationStore.RedirectUri, RouteCategory.Raw, new AnonymousWhenEnabledEndpointInvocation<IAzureADConfigurationStore>(), null, "OpenIDConnect");
+            Add<AzureADUserAuthenticationAction>(
+                "POST",
+                authenticationProvider.AuthenticateUri,
+                RouteCategory.Raw,
+                new AnonymousWhenEnabledEndpointInvocation<IAzureADConfigurationStore>(),
+                null,
+                "OpenIDConnect");
+            Add<AzureADUserAuthenticatedAction>(
+                "POST",
+                configurationStore.RedirectUri,
+                RouteCategory.Raw,
+                new AnonymousWhenEnabledEndpointInvocation<IAzureADConfigurationStore>(),
+                null,
+                "OpenIDConnect");
+            Add<AzureADUserAuthenticatedPkceAction>(
+                "GET",
+                configurationStore.RedirectUri,
+                RouteCategory.Raw,
+                new AnonymousWhenEnabledEndpointInvocation<IAzureADConfigurationStore>(),
+                null,
+                "OpenIDConnect");
         }
     }
-}
+}
@@ -2,14 +2,14 @@
 using System.Collections.Generic;
 using Octopus.Diagnostics;
 using Octopus.Server.Extensibility.Authentication.AzureAD.Configuration;
-using Octopus.Server.Extensibility.Authentication.OpenIDConnect;
 using Octopus.Server.Extensibility.Authentication.OpenIDConnect.Common;
 
 namespace Octopus.Server.Extensibility.Authentication.AzureAD
 {
     class AzureADAuthenticationProvider : OpenIDConnectAuthenticationProvider<IAzureADConfigurationStore>
     {
         public const string ProviderName = "Azure AD";
+
         public AzureADAuthenticationProvider(ISystemLog log, IAzureADConfigurationStore configurationStore) : base(log, configurationStore)
         {
         }
@@ -21,11 +21,19 @@ protected override IEnumerable<string> ReasonsWhyConfigIsIncomplete()
         {
             var issuer = ConfigurationStore.GetIssuer();
             if (string.IsNullOrWhiteSpace(issuer))
+            {
                 yield return $"No {IdentityProviderName} issuer specified";
+            }
+
             if (!Uri.IsWellFormedUriString(issuer, UriKind.Absolute))
+            {
                 yield return $"The {IdentityProviderName} issuer must be an absolute URI (expected format: https://login.microsoftonline.com/[issuer guid])";
+            }
+
             if (string.IsNullOrWhiteSpace(ConfigurationStore.GetClientId()))
+            {
                 yield return $"No {IdentityProviderName} Client ID specified";
+            }
         }
     }
-}
+}