Deploy Java WebSphere apps to Traditional WebSphere on Azure Virtual Machines
This article shows you how to deploy a Java WebSphere web app with sign-in by Microsoft Entra account to Traditional WebSphere on Azure Virtual Machines.
Prerequisites
- Completion of one of the following articles for enabling security with Microsoft Entra ID:
- Enable sign-in for Java WebSphere apps using Microsoft Entra ID
- Enable sign-in for Java WebSphere apps using MSAL4J with Azure Active Directory B2C
- Enable Java WebSphere apps to sign in users and access Microsoft Graph
- Secure Java WebSphere apps using app roles and role claims
- Secure Java WebSphere apps using groups and group claims
- A deployed IBM WebSphere Application Server Cluster. For more information, see Deploy WebSphere Application Server (traditional) Cluster on Azure Virtual Machines.
Prepare the app for deployment
When you deploy your application to WebSphere Application Server, your redirect URL changes to the redirect URL of your deployed WebSphere Application Server instance. Use the following steps to change these settings in your properties file:
Navigate to your app's authentication.properties file and change the value of
app.homePageto your server URL and port number you're planning to use, as shown in the following example:# app.homePage is by default set to dev server address and app context path on the server # for apps deployed to azure, use https://your-sub-domain.azurewebsites.net app.homePage=https://<server-url>:<port-number>/msal4j-servlet-auth/After saving this file, use the following command to rebuild your app:
mvn clean packageAfter the code finishes building, copy the .war file over to your target server's file system.
Update your Microsoft Entra ID app registration
Because the redirect URI changes to your deployed app on WebSphere, you also need to change the redirect URI in your Microsoft Entra ID app registration. Use the following steps to make this change:
Navigate to the Microsoft identity platform for developers App registrations page.
Use the search box to search for your app registration - for example,
java-servlet-webapp-authentication.Open your app registration by selecting its name.
Select Authentication from the menu.
In the Web - Redirect URIs section, select Add URI.
Fill out the URI of your web app, appending
/auth/redirect- for example,https://<server-url>:<port-number>/auth/redirect.Select Save.
Deploy the application
To deploy the application, use the following steps:
On the Applications tab, select New Application, then New Enterprise Application.
Choose the .war file you built, then select Next until you get to the Map context roots for Web modules installation step.
For the context root, set it to the same value as after the port number in the 'Redirect URI' you set in sample configuration/Azure app registration. That is, if the redirect URI is
http://<server-url>:9080/msal4j-servlet-auth/, then the context root should just bemsal4j-servlet-auth.Select Finish.
After the application finishes installing, go to the WebSphere enterprise applications section of the Applications tab.
Select the .war file you installed from the list of applications and then select Start to deploy.
After it finishes deploying, navigate to
http://<server-url>:9080/{whatever you set as the context root}and you should be able to see the application.
Your deployment is now complete.
More information
- Microsoft Authentication Library (MSAL) for Java
- MSAL Java Reference Documentation
- Microsoft identity platform (Microsoft Entra ID for developers)
- Quickstart: Register an application with the Microsoft identity platform
- Understanding Microsoft Entra ID application consent experiences
- Understand user and admin consent
- MSAL code samples
Next steps
For other deployment options, see the following articles: