This is an example of how to create an OIDC integration between the JFrog Platform and Azure.
For information about setting up Azure OIDC integration, see Configure Azure OIDC Provider.
In the JFrog Platform, create an OIDC integration between Azure and the JFrog Platform:
Navigate to the Administration tab in the JFrog Platform UI.
Click General Management | Integrations.
The Integrations page appears.
Provide a unique alphanumeric name for the provider name.
Select the Azure provider type and enter a meaningful description.
In the Azure Platform:
Sign in to the Azure portal and navigate to your app.
Select Authentication in the menu on the left. Select the Endpoints tab.
In the OpenID Connect metadata document field, copy the URL without the section "well-known/openid-configuration". For example:
https://login.microsoftonline.com/<tenant-id>/v2.0
In the JFrog Platform, OIDC Integrations page, paste the URL from the previous step into the Provider URL field.
In the Azure Platform, in the Azure portal:
Select Expose an API in the menu on the left. Select the Endpoints tab.
Copy the Application ID URI field.
In the JFrog Platform, OIDC Integrations page, paste the URI from the previous step into the Audience field.
Retrieve the Azure OIDC ID Token. The following is an example of how to do this.
In Postman, run the Get Azure ID Token API.
An example of the API payload could be as follows:
client_id=e75acab0-bef0-4e34-8edd-2eab45f1e5dc&grant_type=client_credentials&scope=api://e75acab0-bef0-4e34-8edd-2eab45f1e5dc/.default&client_secret=xxxxxxxxxxxxxxxxxxxxx
From the Results Body, copy the Access Token.
Decode, verify and generate the JSON Web Token (JWT), for example using jwt.io:
Copy the access token from the previous step into the Encoded field.
In the Decoded field, in the Payload Data section, copy the issuer URL from the iss parameter.
In the JFrog Platform, OIDC Integrations page, copy the issuer URL from the previous step to the Token Issuer field.
Click Save and Continue.
In the Identity Mappings window, fill in the mapping details.
Provide a name and priority.
Define the JSON Claims to fit your requirements. For example, to use the subject, go to jwt.io and, in the Decoded field, in the Payload Data section, copy the subject name/value pair.
In the JFrog Platform, Identity Mappings window, add the JSON Claims. For example, you can copy the subject from the previous step to the Claims JSON field.
In the JFrog Platform, Identity Mappings window:
Enter a user name.
For the Service field, select a service or click All.
Define a token expiration time.
Click Save.
In the JFrog Platform, OIDC Integrations page, click Save.
To exchange tokens, get the Azure ID Token. The following is an example of how to do this:
In Postman, run the Get Azure ID Token API.
From the Results Body, copy the Access Token.
In Postman, for the JFrog OIDC Token Exchange API, in the payload body, copy the access token from the previous step into the subject token value.
Set the provider name to be the unique name previously selected. Set the grant type to be token exchange. Click Send.
From the response body, copy the Access Token.
Use the acquired token in requests to Artifactory APIs.
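The decode step described above (reading iss and the subject from the token) can also be done locally rather than in jwt.io. The Python below is an added example, not JFrog's or Microsoft's code: it reads the claims without verifying the signature, derives the Token Issuer and Claims JSON values, and checks that the token's aud matches what was entered in the Audience field. The sample token, tenant ID and subject are constructed placeholders, and the function names are hypothetical.

```python
import base64
import json


def b64url(data: bytes) -> str:
    """base64url-encode without padding, as used in compact JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def integration_values(token: str, audience: str) -> dict:
    """Derive Token Issuer and Claims JSON, and check the Audience field value."""
    claims = decode_claims(token)
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    return {
        "token_issuer": claims["iss"],                        # Token Issuer field
        "claims_json": json.dumps({"sub": claims["sub"]}),    # Claims JSON field
        "audience_matches": audience in auds,                 # Audience field check
    }


# Constructed sample token: placeholder tenant and subject, dummy signature.
SAMPLE_CLAIMS = {
    "iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
    "aud": "api://e75acab0-bef0-4e34-8edd-2eab45f1e5dc",
    "sub": "11111111-1111-1111-1111-111111111111",
}
SAMPLE_TOKEN = ".".join([
    b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    b64url(json.dumps(SAMPLE_CLAIMS).encode()),
    b64url(b"constructed-signature"),
])

if __name__ == "__main__":
    print(json.dumps(integration_values(SAMPLE_TOKEN, SAMPLE_CLAIMS["aud"]), indent=2))
```

If `audience_matches` is false for a real token, compare the token's aud claim with the Application ID URI entered in the Audience field before attempting the token exchange.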