Microsoft Entra ID Authentication for Jampy

Skip to first unread message

Stephen Castles

Jun 20, 2024, 1:10:06 PMJun 20
to Users Mailing List
I would like to set up Microsoft Entra ID to provide access control for I originally tried hosting on the Azure platform as an app service, and I was able to integrate Entra ID very quickly and seamlessly. Though did function on Azure to some extent, I kept running into strange issues and eventually it broke completely and I could not get it running again, which pushed me to try hosting it at PythonAnwhere instead.

The instance running on PythonAnywhere is working great and was much easier to get running, but the trade off has been more difficulty with getting Entra ID working. The first solution I tried was the password based Single Sign On method to use the existing login system. Though configuration was simple, unfortunately it was very buggy and also required a browser extension to function.

I am now looking into using OAuth 2.0 or OpenID Connect to integrate Entra ID with, however it is unclear to me how is structured and what point in the files/code where I would need to integrate the required libraries. Any information or clues are greatly appreciated. Thanks.

Dean D. Babic

Jun 20, 2024, 10:00:56 PMJun 20
to Users Mailing List
Hi Steve, 
have you seen the OAuth in action from here?

And SAML here:

The is now pointed to ipam2. Since 
ipam2 was running SAML demo too, I decided to run OAuth 
demo instead. No worth running the same on two sites.

There is NO need to touch any Jam files to get this running on v7.
All is happening as usual in Task/Server Module. The libs
are installed with pip, just like jam.
The certificates might be needed for the App, but that's not jam issue. 
Also, a local file is used to store the secrets.

I do not know about Entra ID, sounds like a LDAP, so this is really simple
to configure. It was discussed here, and it should work with v5:
Btw, the SSL is a must.

However, the SAML (OAuth), intention was always business users.
This is because of the infrastructure complexity, certificates, etc
and the need to support this project financially. 
Both wont work with v5, I'm afraid.

So, the option is to test v7 and see how it goes for you.
If all working well, decide about which auth method to use,
and we can go from there.

Regarding Azure and Jam, instead of the App service,
the proper VM is better. Why? Because App service has no LibreOffice (LO).
App Service will work, no issues.
But SAML needs a cert, and that cert is the Azure cert.
The LDAP with v5 still might work as usual on App Service,
still, no reports because no LO.




Jun 21, 2024, 1:32:26 AMJun 21
to Users Mailing List
Hi D,

I am still very new to Entra ID, but it seems to support all of the standard protocols including OAuth and SAML. I didn't know that LDAP was an option, I will have to do some more reading on it.

As a learning exercise, I wrote a very simple Flask webapp that uses OAuth to interface with Entra ID using the msal library from Microsoft. After successful login to Microsoft and receiving a token, it shows a hello world message. After I got that working, I thought it may be possible to integrate similar code into v5. Is this possible? If there are no major limitations in the way, I may be willing to invest some time into making it work.

v7 sounds very promising. How stable is it right now? Can a configuration from v5 be easily migrated or duplicated into v7? Is it available for download?


Dean D. Babic

Jun 21, 2024, 2:09:27 AMJun 21
to Users Mailing List
It's Dean :)

Yeah mate, Flask has routing.
Jam v5 is SPA, so there is no routing.
Hence, Flask\Django example won't work with Jam v5.
Jam v7 has routing, so it is not SPA. But, the Docs are not
ready, so can't advise on that yet. Pls visit demos to get the idea
of usability.

Clone devel v7:
Install it:
cd into it
pip install .
python install

- backup index.html from your app
- copy index.html from v7 Demo to your app
- copy template.html from v7 Demo to your app
- start the App
- move stuff from index backup to Template on Builder
- move stuff from index backup to Index on Builder

Hope this helps.

Dean D. Babic

Jun 21, 2024, 8:17:08 AMJun 21
to Users Mailing List
did have a quick look at here:
As mentioned, Flask demo has this routing:






It also has redirects:

     return redirect(url_for("index"))

    return redirect(auth.log_out(url_for("index", _external=True))

     return redirect(url_for("login"))

Hence, v5 can't be used. Luckily, v7 does routing and redirects.
Danijel provided great examples how to do redirects in here:


Stephen Castles

Jun 21, 2024, 3:53:16 PMJun 21
to Users Mailing List
Hi Dean, 

I appreciate you going into further depth about the inner workings of v5 vs v7, this has been a big learning experience for me. 

I was able to get the v7 demo running on PythonAnywhere, but when I try to link it to my own database and reconfigure it I run into some issues. For the sake of keeping things organized here I will start a new thread for my questions about that. 

Reply all
Reply to author
0 new messages