SSO with Azure AD in Foreman 3.7

Problem:
Hi All,

Has anyone tried integrating Azure AD with Foreman for SSO? We have steps for Keycloak in the Foreman documents: Foreman :: Manual (theforeman.org).
After following the steps defined in the document, I set the parameters below in Foreman:
e.g.:
OIDC Algorithm: RS256
OIDC Audience: (client ID of the app registration in Azure AD)
OIDC Issuer: https://login.microsoftonline.com/(AzureAD tenant ID)/v2.0
OIDC JWKs URL: https://login.microsoftonline.com/(AzureAD tenant ID)/discovery/v2.0/keys

Not able to get the option to log in with SSO.

Expected outcome:
Should be able to enable SSO to Foreman using Azure AD.

Issue:
The steps are not clear enough to integrate Azure AD with Foreman SSO.
Could anyone help with the exact steps to integrate Foreman 3.7 with Azure AD?

Can anyone please help here…

@foreman_help Can anyone help here.

Hey there,

I kind of tried that once now / looked up whether anyone else has already achieved it.

TL;DR:
Doesn’t look like anyone has got it working yet. (I tried but didn’t go far enough in the troubleshooting so far.)
The thing is, only configuring the parameters in Foreman’s settings is not enough; you need the local auth endpoint, which sends the requests to the remote OIDC/SAML2 endpoint. The currently documented way only works with Keycloak, as it uses keycloak-httpd-client-install to configure the local auth endpoint /users/extlogin (and also /users/extlogout).

So if someone wants to sacrifice their time, it would most likely help to set up a Keycloak, configure the system with it, get the httpd config that gets generated by keycloak-httpd-client-install and manually mimic it for Azure AD.

I think the currently “headache free” ways to integrate Azure AD might be either having a Keycloak in between or using the ADDS service with LDAPS.

Btw, these docs are also already part of the new docs:
https://docs.theforeman.org/3.7/Installing_Server/index-katello.html#Configuring_Project_with_Keycloak_Authentication_keycloak-general

There was also this discussion previously here:
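As an added illustration of what the reply above means by "manually mimic it" (this is not config from the thread or from the Foreman project, and it has not been verified against Foreman 3.7): a mod_auth_openidc httpd fragment of the kind keycloak-httpd-client-install generates, pointed at the Azure AD tenant instead of Keycloak. The hostname foreman.example.com, the redirect path and every value in angle brackets are assumptions to be replaced with your own.

```apache
# Added sketch, not Foreman project code and not tested against Foreman 3.7.
# Assumes mod_auth_openidc is installed and that Foreman's /users/extlogin
# consumes the REMOTE_USER variable the module sets after a successful login.
LoadModule auth_openidc_module modules/mod_auth_openidc.so

# Tenant discovery document; its issuer matches the "OIDC Issuer" setting
# from the original post (https://login.microsoftonline.com/<TENANT_ID>/v2.0).
OIDCProviderMetadataURL https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration

# Same value as the "OIDC Audience" setting (the app registration's client ID).
OIDCClientID <APP_CLIENT_ID>

# Client secret from the app registration: keep this file readable by root only.
OIDCClientSecret <APP_CLIENT_SECRET>

# Must be registered verbatim in the Azure AD app registration and must sit
# under a protected Location below so the module can handle the callback.
OIDCRedirectURI https://foreman.example.com/users/extlogin/redirect_uri

# Random string used to encrypt the module's session cookie.
OIDCCryptoPassphrase <LONG_RANDOM_STRING>

OIDCScope "openid profile email"

# Claim that becomes REMOTE_USER, i.e. the Foreman login name.
OIDCRemoteUserClaim preferred_username

# The "local auth endpoint" the reply refers to: only these two paths are
# protected, so the rest of the UI keeps its normal login form.
<Location /users/extlogin>
  AuthType openid-connect
  Require valid-user
</Location>
<Location /users/extlogout>
  AuthType openid-connect
  Require valid-user
</Location>
```

If the redirect URI in the app registration does not match OIDCRedirectURI exactly, Azure AD rejects the login before it ever reaches httpd, so the httpd error log and the app registration's redirect list are the first two places to check.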