[midPoint] Configuring o365 / AzureAD resource
David Westbrook
david.westbrook at catapultlearning.com
Tue Feb 20 19:43:10 CET 2018
We're new to IM and midPoint (version 3.7; 12/18/2017 build) and having some trouble getting started with setting up an Office 365 / Active Directory resource ...
Our end goal is to be able to provision and maintain (name/password/deactivate) email accounts from midPoint (which will import from an upstream HRIS resource).
We have a sandbox environment for o365 with Azure AD and Exchange; we only recently moved to this environment, so new to that as well.
Can anyone provide an example or guidance for using Connect-AzureAD, New-AzureADApplication, New-AzureADServicePrincipal, New-AzureADApplicationKeyCredential for the prerequisites of an o365 resource?
Currently we're stuck on a connection/auth error:
org.identityconnectors.framework.common.exceptions.ConnectorException(Error on get to /tenantDetails?api-version=2013-11-08. Error code: 401 Received the following response {"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","value":"Access Token missing or malformed."},"date":"2018-02-08T20:33:34","requestId":"24fbe0f4-81d7-4acd-ad52-85c2e9f1cba9","values":null}})
Resource configuration is below, and I'm using the "Office365Connector 1.2.0.0-SNAPSHOT" connector from a pre-compiled .jar I found in the list archives:
ConnId org.identityconnectors.office365.Office365Connector v1.2.0.0-SNAPSHOT
http://lists.evolveum.com/pipermail/midpoint/2016-June/001995.html
The docs refer to older (Connect-MsolService, New-MsolServicePrincipal, Get-MsolServicePrincipal, Add-MsolRoleMember) PowerShell commands, and I'm not sure how they translate to the newer set of commands for setting up a resource.
Identity Connectors -> "Office 365 / Azure Active Directory Connector"
https://wiki.evolveum.com/pages/viewpage.action?pageId=15433824
Resources -> "Office 365 / Azure Active Directory"
https://wiki.evolveum.com/pages/viewpage.action?pageId=15433819
<!-- xmlns:t is declared here so the excerpt is well-formed on its own; in a full resource file it is normally inherited from the root element -->
<connectorConfiguration xmlns:icfc="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/connector-schema-3"
                        xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3">
    <icfc:configurationProperties xmlns:gen527="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/bundle/org.forgerock.openicf.connectors.office365-connector/org.identityconnectors.office365.Office365Connector">
        <gen527:apiEndPoint>graph.windows.net</gen527:apiEndPoint>
        <gen527:tenancy>lab4o365.com</gen527:tenancy>
        <!-- symmetric key of the service principal; stored encrypted by midPoint (values redacted) -->
        <gen527:symetricKey>
            <t:encryptedData>
                <t:encryptionMethod>
                    <t:algorithm>http://www.w3.org/2001/04/xmlenc#aes128-cbc</t:algorithm>
                </t:encryptionMethod>
                <t:keyInfo>
                    <t:keyName>xxxxxxxxxxxx</t:keyName>
                </t:keyInfo>
                <t:cipherData>
                    <t:cipherValue>xxxxxxxxxxxxxxxxxxxx</t:cipherValue>
                </t:cipherData>
            </t:encryptedData>
        </gen527:symetricKey>
        <gen527:authURL>https://accounts.accesscontrol.windows.net/tokens/OAuth/2</gen527:authURL>
        <gen527:principalID>99933698-16ee-4cbd-8eaa-cfbcb476b662</gen527:principalID>
        <gen527:resourceID>00000002-0000-0000-c000-000000000000</gen527:resourceID>
        <gen527:acsPrincipalID>00000001-0000-0000-c000-000000000000</gen527:acsPrincipalID>
        <gen527:immutableIDEncodeMechanism>straight-base64</gen527:immutableIDEncodeMechanism>
    </icfc:configurationProperties>
</connectorConfiguration>
David Westbrook
Sr Application Developer
Catapult Learning, LLC
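Editor's added example, not part of the post above nor of the midPoint wiki pages it cites: the application registration, service principal, symmetric key credential and role assignment done with the AzureAD module cmdlets the post asks about, as the counterpart of the Msol-based steps in the older docs. The display name, identifier URI, key identifier and key lifetime are placeholders; the role to assign is left as a variable because the least-privileged role that suffices depends on the tenant; and the mapping of the outputs to the connector's principalID and symetricKey properties is an assumption drawn from the Msol-based wiki text, not confirmed here.

```powershell
# Added example: AzureAD-module equivalent of the documented Msol steps for the
# Office 365 connector prerequisites. Placeholders and assumptions are marked.

Connect-AzureAD   # interactive sign-in as an administrator of the sandbox tenant

# 1. Register the application identity the connector will authenticate as.
$app = New-AzureADApplication -DisplayName 'midPoint-o365-connector' `
         -IdentifierUris 'https://lab4o365.com/midpoint-connector'   # placeholder URI

# 2. Create the service principal for that application in the tenant.
$sp = New-AzureADServicePrincipal -AppId $app.AppId

# 3. Generate a symmetric key locally (32 random bytes, base64) and attach it as a
#    key credential. The raw value goes only into midPoint's encrypted symetricKey
#    property; do not keep it in shell history or scripts.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$key   = [Convert]::ToBase64String($bytes)
$start = Get-Date
New-AzureADApplicationKeyCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'midpoint' `
    -StartDate $start -EndDate $start.AddYears(1) `
    -Type Symmetric -Usage Verify -Value $key

# 4. Put the service principal in a directory role. Choose the least-privileged role
#    that covers create/update/disable of users; the display name is a placeholder.
$roleName = 'User Administrator'   # placeholder: pick the role your provisioning needs
$role = Get-AzureADDirectoryRole | Where-Object { $_.DisplayName -eq $roleName }
if (-not $role) {
    # Roles are created from templates on first use.
    $tmpl = Get-AzureADDirectoryRoleTemplate | Where-Object { $_.DisplayName -eq $roleName }
    $role = Enable-AzureADDirectoryRole -RoleTemplateId $tmpl.ObjectId
}
Add-AzureADDirectoryRoleMember -ObjectId $role.ObjectId -RefObjectId $sp.ObjectId

# Values for the resource configuration (assumed mapping to the connector properties):
"principalID = $($app.AppId)"
"symetricKey = <the generated base64 key, entered into the encrypted property>"
"tenancy     = <your tenant domain, e.g. lab4o365.com>"
```

The key is generated client-side rather than copied from a portal screen so that its only persisted copy is the encrypted property in the resource definition; the script prints only the application ID, not the key.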