
RabbitMQ SSO

Setting up SSO for RabbitMQ

Reference - https://www.rabbitmq.com/docs/next/oauth2-examples-entra-id

The high-level steps are as follows:

1) Create an App Registration for RabbitMQ in Entra

  • Add the Redirect URL
  • Add roles: the RabbitMQ Management UI supports tags, and for granular roles we can use the read, write and configure permissions
  • Create a secret and note it down
  • Add users and assign roles in the corresponding Enterprise Application

2) Configure the RabbitMQ advanced config (look at extraConfiguration)

https://dev.azure.com/MAJORITY/Bank/_git/bank-azure-infrastructure?path=/Minority/RabbitMQ-persist/values.yaml



The Azure DevOps pipeline will replace the "rabbitmqsso" Entra applicationId and secret in the pipeline.

If the Entra secret expires, logging in will fail. In that case, create a new secret in Entra here - https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/~/Credentials/appId/5dc0d761-b1fa-4939-8875-d0db60def2aa/isMSAApp~/false

Then update this secret in the Azure DevOps pipeline here - https://dev.azure.com/MAJORITY/Bank/_build?definitionId=707

How it works

1) RabbitMQ uses the application ID and secret to request a JWT token from Entra
2) Entra authorizes the user, sends back the roles/claims in the JWT token and redirects to the defined URL
3) RabbitMQ trusts Entra and gives the user the roles that Entra returns in the token
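
When a user can sign in but gets no access, it helps to see how the roles in the token map to RabbitMQ tags and permissions (step 3 above). The following is an added example, not part of the original page or of RabbitMQ itself. It assumes the setup from the referenced guide (`auth_oauth2.additional_scopes_key = roles`, default scope prefix equal to the application ID plus a dot). The application ID is a placeholder and the token is constructed and unsigned.

```python
import base64
import json

# Hypothetical placeholder; use the Application (client) ID of your app registration.
RESOURCE_SERVER_ID = "00000000-0000-0000-0000-000000000000"


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT WITHOUT verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def explain_roles(claims: dict, resource_server_id: str = RESOURCE_SERVER_ID) -> dict:
    """Split the `roles` claim into management tags, permissions and ignored entries."""
    result = {"tags": [], "permissions": [], "ignored": []}
    prefix = resource_server_id + "."
    for role in claims.get("roles", []):
        if not role.startswith(prefix):
            result["ignored"].append(role)  # prefix does not match this RabbitMQ
            continue
        kind, _, target = role[len(prefix):].partition(":")
        if kind == "tag" and target:
            result["tags"].append(target)
        elif kind in ("read", "write", "configure") and "/" in target:
            # target is <vhost pattern>/<resource pattern>[/<routing key pattern>]
            vhost, _, resource = target.partition("/")
            result["permissions"].append((kind, vhost, resource))
        else:
            result["ignored"].append(role)
    return result


def make_sample_token(roles: list) -> str:
    """Build an unsigned, constructed token for the demo (not a real Entra token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": RESOURCE_SERVER_ID, "roles": roles}), ""])


if __name__ == "__main__":
    token = make_sample_token([
        RESOURCE_SERVER_ID + ".tag:administrator",
        RESOURCE_SERVER_ID + ".read:*/*",
        "tag:administrator",  # missing the application ID prefix, so it is ignored
    ])
    print(json.dumps(explain_roles(jwt_claims(token)), indent=2))
```

This only inspects claims; RabbitMQ itself validates the token signature against Entra's signing keys before trusting any role.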