Configuring the Report Server for .NET Single Sign-On Functionality using Microsoft Entra ID for Linux/Container
Microsoft Entra ID is a cloud-based identity and access management service that can be used for authentication in the Telerik Report Server for .NET.
In this article, we will explain how to set up and enable the Microsoft Entra ID authentication for the users of the Telerik Report Server for .NET. Besides the enhanced authentication security, this approach also improves the user experience, because the users who are already registered in Microsoft Entra will be able to log into Report Server Manager UI without entering their login credentials each time.
Prerequisites
- Telerik Report Server installation with at least one administrator account.
- An Azure account with Microsoft Entra ID support.
In case you are unfamiliar with the process of using Microsoft Entra ID, we recommend checking out the Set up Microsoft Entra ID article.
Steps
1. Create a Microsoft Entra ID Tenant
- Navigate to the Microsoft Azure Home page.
- From the menu in the top left corner of the page, select Microsoft Entra ID.
-
In the displayed Overview page, click Manage Tenants:
-
Click the Create button on the Manage Tenants page:
-
On the Create a tenant page, choose
Microsoft Entra ID
as the tenant type (it should be selected by default): -
Click Next: Configuration > and type Organization name (for example,
Report Server Tenant
) and Initial Domain Name (e.g.ReportServerNetDomain
): -
Click Next: Review + create > and if the configuration is correct, a green message notifying that the validation has passed will be displayed:
Click Create and then fill in the Captcha (it will take a minute or two to complete the process once it has been submitted).
2. Registering the Telerik Report Server for .NET Application
-
If the steps from the previous section were completed successfully, the following green message should appear above the Captcha:
Tenant creation was successful. Click here to navigate to your new tenant: Report Server Tenant
.The text
Report Server Tenant
is your organization name and there will be a link to the Report Server Tenant Overview page.If you are not on the Report Server Tenant Overview page, go to the top left
Menu
>>Microsoft Entra ID
>> clickAdd
>>App Registration
. -
Register the application by choosing
Add
>App registration
.Add Report Server Application, for example, as a name, leave the rest options to be the default, and click
Register
. Expand the Manage dropdown in the menu on the left and choose Authentication.
-
Click
Add Platform
>>Web
>> Tick theID Tokens
checkbox, then click Configure. -
Add a Redirect URL, for example,
http://localhost:82/signin-oidc
. Click Certificates & secrets in the expanded Manage dropdown in the menu on the left.
-
On the Certificates & secrets page, Click the New client secret button.
Once the secret is created, copy and save the secret value as it will be used in the Report Server later. Note that you can do this only at this step. The failure would require another secret to be created, saved, and used.
3. EntraID Setup on a local Telerik Report Server for .NET installation on Linux
- Download the archive
Telerik_ReportServer_Net_NonWindows_{Report Server version}.zip
from your Telerik account. - Unzip the archive. The content gets deployed in two folders
ReportServer
andReportServiceAgent
. - Open the
Powershell
and navigate to the subfolderReportServer
. - Run the command
docker build -t telerik-report-server:local .
in Powershell to build the Report Server Manager image. Mind the dot.
at the end of the command. - Navigate to the subfolder
ReportServiceAgent
. - Run the command
docker build -t telerik-report-server-agent:local .
in Powershell to build the Report Server ServiceAgent image. Mind the dot.
at the end of the command. - Navigate to the subfolder
ReportServer\docker-configs
. -
(optional, recommended) Change the password
P1@ceStr0ngP@ssw0rdH3r3
for the SA database user with your own strong password in the filesdocker-compose.yml
andmssql_storage.env
:- Open the file
docker-compose.yml
in a text editor like Notepad++ and change the password on line 31. The tabulation is essential and should be preserved:
- SA_PASSWORD=P1@ceStr0ngP@ssw0rdH3r3
- Open the file
mssql_storage.env
in a text editor like Notepad++ and change the password with your own password you used above:
reportServer__storage__parameters__0__value=Data Source=storage;Initial Catalog=reportserver;Password=P1@ceStr0ngP@ssw0rdH3r3;User Id=sa;Encrypt=false
- Open the file
Run the command
docker image pull mcr.microsoft.com/mssql/server:2019-latest
.- (optional, use it only if it was not used before) Initialize a swarm to make the Docker Engine hosting the RS.NET a manager in the newly created single-node swarm by running the command
docker swarm init
. - Run the command
docker stack deploy -c docker-compose.yml report-server
. - Navigate to
localhost:82
in the browser to open the Report Server Manager for .NET.
4. Enabling Microsoft Entra ID Authentication in the Telerik Report Server for .NET
- Open the Telerik Report Server for .NET in the browser. The default URL is
http://localhost:82/
. -
Navigate to the Configuration page and select the Authentication tab.
Enable the
Microsoft Entra ID Provider
.- In the Instance field, use the URL -
https://login.microsoftonline.com/
. - In the Domain field, use the one from step 5 in the Create a Microsoft Entra ID Tenant section and add it as a URL, for example -
https://ReportServerNetDomain.onmicrosoft.com/
. -
Open the Microsoft Azure Portal to get the
Tenant ID
:- From the menu in the top left corner of the page, select Microsoft Entra ID.
- The
Tenant ID
can be copied from the Basic Information table in the center of the page.
-
Open the Microsoft Azure Portal to get the
Client ID
:- From the menu in the top left corner of the page, select Microsoft Entra ID.
- Expand the
Manage
dropdown >>App Registrations
>>All Applications
. - Click the application name e.g.
Report Server Application
(defined in the previous section). -
Copy the Application (client) ID and add it to the Report Server in the Client ID field.
Click the
Save Changes
button in the Report Server for .NET's Configuration page (a message that a manual restart of the service is required will appear on the screen).- The restart can be performed from the IIS Manager >> Application Pools >> Right-click the Telerik Report Server for .NET site and choose
Recycle
.
Once the service is manually restarted, log in with a user that has an administrator role and go to
User Management
.-
Click the
Add New User
button:- Select the
Authentication Provider
to beEntraId
. - Add a username.
- Add the domain name login email e.g.
username@mycompany.com
. - Choose a User Role and save the changes.
- Select the
-
Log out of the Report Server to go to the Login page.
Click the blue
Microsoft Entra ID
button. You should be automatically logged in with your EntraID.