SSO with AzureAD OpenID Connect?

Hi folks,

Has anyone tried to use the OpenID Connect support in AzureAD as the authentication source in Foreman? I’ve read the articles describing how to use Keycloak, but given that AzureAD already acts as an OIDC source, I don’t really want to run an additional thing if I can avoid it.

I’ve tried creating a new AzureAD App Registration and then using the appropriate values in Foreman, e.g.:
OIDC Algorithm: RS256
OIDC Audience: (client ID of app registration in AzureAD)
OIDC Issuer: https://login.microsoftonline.com/(AzureAD tenant ID)/v2.0
OIDC JWKs URL: https://login.microsoftonline.com/(AzureAD tenant ID)/discovery/v2.0/keys

But after trying to access /users/extlogin I get a single “SSO failed” entry in the production.log and it falls back to regular Foreman auth.

Foreman version is 2.3.3. Thanks!

Hey @rabajaj any idea who would know about this?

Hello @mcorr, thank you for notifying me about this thread :slight_smile:

So @ph473, I have not tried to use AzureAD but I can surely try to help out!
a) Can you please paste the production logs in here?
b) Can you tell me the values of a few fields in AzureAD, e.g. do you have a valid redirect URL configured?
c) Apart from this, have you set up appropriate mappers in AzureAD?
d) Another thing to check: is your Foreman server running on HTTPS, the same as your AzureAD setup?

Thanks,


Hi Everyone,

I have the same goal (having the authentication to Foreman with OIDC from Azure AD) but I didn’t find any guide to do it, any advice or any guide/tutorial to do that?

Thanks in advance.

I guess no one could make it work? Same situation here: getting v1 tokens and expecting v2.
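As an added example (not Foreman's or Azure AD's own code), the script below decodes an Azure AD token offline and compares its header and claims against the OIDC Algorithm, Audience and Issuer values from the first post. Azure AD v1.0 tokens carry the issuer `https://sts.windows.net/{tenant}/` and `ver: "1.0"`, while v2.0 tokens carry `https://login.microsoftonline.com/{tenant}/v2.0` and `ver: "2.0"`, so a v1 token can never match a v2 issuer setting; whether that is the cause of the "SSO failed" entry is not established in this thread. The tenant ID and client ID are hypothetical placeholders, the two tokens are constructed with a dummy signature, and the script deliberately does not verify signatures (that requires the keys from the OIDC JWKs URL).

```python
"""Offline sanity check of an Azure AD JWT against Foreman's OIDC settings.

Added example, not Foreman's own code. Decodes the token's header and
payload WITHOUT verifying the signature and reports every mismatch with
the configured OIDC Algorithm / Audience / Issuer. Sample tokens below are
constructed with a dummy signature.
"""
import base64
import json
from typing import Dict, List, Tuple

# Hypothetical tenant and client (app registration) IDs; replace with your own.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

# The values the first post configured in Foreman.
FOREMAN_OIDC = {
    "algorithm": "RS256",
    "audience": CLIENT_ID,
    "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
}

# Issuer strings Azure AD puts in v1.0 and v2.0 tokens respectively.
V1_ISSUER = f"https://sts.windows.net/{TENANT_ID}/"
V2_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt(token: str) -> Tuple[Dict, Dict]:
    """Return (header, payload) of a compact JWT. No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 dot-separated parts)")
    header = json.loads(_b64url_decode(parts[0]))
    payload = json.loads(_b64url_decode(parts[1]))
    return header, payload


def check_token(token: str, settings: Dict = FOREMAN_OIDC) -> List[str]:
    """List every way the token fails to match the Foreman OIDC settings."""
    header, payload = decode_jwt(token)
    problems = []
    if header.get("alg") != settings["algorithm"]:
        problems.append(f"alg {header.get('alg')!r} != {settings['algorithm']!r}")
    aud = payload.get("aud")
    # aud may be a string or a list; accept if the client ID is among them.
    auds = aud if isinstance(aud, list) else [aud]
    if settings["audience"] not in auds:
        problems.append(f"aud {aud!r} does not contain {settings['audience']!r}")
    if payload.get("iss") != settings["issuer"]:
        problems.append(f"iss {payload.get('iss')!r} != {settings['issuer']!r}")
    if payload.get("ver") == "1.0":
        problems.append("token is a v1.0 token (ver=1.0) but a v2.0 issuer is configured")
    return problems


def make_unsigned_token(header: Dict, payload: Dict) -> str:
    """Build a compact JWT with a dummy signature, for offline testing only."""
    segs = [_b64url_encode(json.dumps(h, separators=(",", ":")).encode())
            for h in (header, payload)]
    return ".".join(segs + [_b64url_encode(b"dummy-signature")])


# Constructed tokens: a v1.0 one like the last poster describes, and a v2.0 one.
V1_TOKEN = make_unsigned_token(
    {"typ": "JWT", "alg": "RS256", "kid": "example-kid"},
    {"iss": V1_ISSUER, "aud": CLIENT_ID, "ver": "1.0", "sub": "user-1"},
)
V2_TOKEN = make_unsigned_token(
    {"typ": "JWT", "alg": "RS256", "kid": "example-kid"},
    {"iss": V2_ISSUER, "aud": CLIENT_ID, "ver": "2.0", "sub": "user-1"},
)

if __name__ == "__main__":
    for name, tok in (("v1.0 token", V1_TOKEN), ("v2.0 token", V2_TOKEN)):
        probs = check_token(tok)
        print(name + ":", "OK" if not probs else "; ".join(probs))
```

Paste a real token captured from the browser or the Foreman logs into `check_token` to see which of the configured values it disagrees with before digging further into "SSO failed"; a clean result here only means the claims line up, not that the signature is valid.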