Change redirect_uri to app root (without /auth.php) to match what's registered in Azure portal. Use relative URLs for auth fetch and reload on success instead of computed absolute paths.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

- Enable SSO with Azure AD credentials (tenant + client ID + redirect_uri)
- Add JWTValidator.php: RS256 idToken validation via Azure JWKS with 1h cache
- Add auth.php: POST login handler sets auth cookie, GET logout clears it
- Add UserRoleManager.php: file-based role CRUD in data/user_roles.json
- Add admin.php: admin-only role management panel
- AuthMiddleware: add requireAdmin(), role in user array, fix MSAL redirect
- header.php: hide Activity Logs + Admin Panel tabs for non-admin users
- logs-viewer.php: protect with requireAdmin() instead of requireAuth()
- server-setup.sh: add composer check, data/ dir, PHP extension checks, SSO validation
- .gitignore: add data/ directory

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>