This repository has been archived by the owner on Jun 17, 2024. It is now read-only.

Update README.md #64

Merged
merged 1 commit into from
Jan 28, 2022
8 changes: 4 additions & 4 deletions README.md
Expand Up @@ -6,11 +6,11 @@ EasyAuth for Kubernetes is a simple Identity and Access Management module that a

Similar to the [security features](https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization) of Azure App Service, EasyAuth for Kubernetes is designed to do four basic functions:
* Authenticate callers via Azure Active Directory
* Validate and refresh tokens
* Authorize callers based on required roles or scopes
* Manage authenticated sessions
* Inject basic information about the user into the request received by your application

EasyAuth uses the [Microsoft Authentication Libary (MSAL)](https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-overview) and Azure AD v2 endpoints, which allows you leverage all features of the [Microsoft Identity Platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview).
EasyAuth uses Azure AD v2 endpoints, which allows you leverage all features of the [Microsoft Identity Platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-overview).

A few of these features include:
* Authenticating employees or business partners
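
Review bot: The rewritten sentence beginning "EasyAuth uses Azure AD v2 endpoints" still reads "which allows you leverage", missing "to"; since the line is being touched anyway, change it to "which allows you to leverage all features of the ...". With the MSAL reference dropped, the README no longer names the library or component that handles tokens, so a short statement of what is used instead would help anyone reviewing the authentication path. Also, the list under "four basic functions" shows five entries in this view ("Validate and refresh tokens" and "Manage authenticated sessions" both appear), so confirm the merged list has exactly four.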
Expand All @@ -20,9 +20,9 @@ A few of these features include:
* Multitenant applications

## Concepts
EasyAuth for Kubernetes integrates with your cluster's [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). When a request is received, the EasyAuth service validates the user's session. If the caller isn't authenticated yet, the service will route the caller to the appropriate Azure AD tenant to #. The service then starts a managed session for the user and adds a cookie or bearer token to the response that will be used to authenticate the caller on future requests.
EasyAuth for Kubernetes integrates with your cluster's [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/). When a request is received, the EasyAuth service validates the user's session. If the caller isn't authenticated yet, the service will route the caller to the appropriate Azure AD tenant to #. The service then starts a managed session for the user and adds a cookie to the response that will be used to authenticate the caller on future requests.

> Note: The authentication flow supports single sign on, so the user will not be prompted for credentials if they are already signed via the Azure AD tenant. Also, user sessions are by default short-lived (60 minutes), so EasyAuth will request a new token and refresh the cookie as needed to maintain the session.
> Note: The authentication flow supports single sign on, so the user will not be prompted for credentials if they are already signed via the Azure AD tenant.

![Basic Flow](docs/media/basic-flow.jpg)
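
Review bot: Both versions of the Concepts paragraph contain "route the caller to the appropriate Azure AD tenant to #.", so as rendered here the sentence is still broken after this change; replace the stray "#" with the intended verb (presumably "authenticate"). In the shortened note, "already signed via the Azure AD tenant" should read "already signed in via". The shortened note also drops the statement about the 60-minute default session lifetime and the token and cookie refresh; if that behavior changed, state the current session lifetime and what happens when the cookie expires, because operators need both to reason about how long a stolen cookie stays valid.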
