SSO with AzureAD OpenID Connect?

Hi folks,

Has anyone tried to use the OpenID Connect support in AzureAD as the authentication source in Foreman? I’ve read the articles describing how to use keycloak but given that AzureAD already acts as an OIDC source I don’t really want to run a additional thing if I can avoid it.

I’ve tried creating a new AzureAD App Registration and then using the appropriate values in Foreman, eg:
OIDC Algorithm: RS256
OIDC Audience: (client ID of app registration in AzureAD)
OIDC Issuer: tenant ID)/v2.0
OIDC JWKs URL: tenant ID)/discovery/v2.0/keys

But after trying to access /users/extlogin I get a single “SSO failed” entry in the production.log and it falls back to regular Foreman auth.

Foreman version is 2.3.3. Thanks!

Hey @rabajaj any idea who would know about this?

Hello @mcorr, thank you for notifying me about this thread :slight_smile:

So @ph473, I have not tried to use AzureAD but I can surely try to help out!
a) Can you please paste the production logs in here?
b) Can you tell me what are the values of few fields in the AzureAD, like do you have a valid redirect urls url?
c) Apart from this, have you setup appropriate mappers in AzureAD?
d) Another thing to check, is your foreman server running on https? same as your AzureAD setup?


1 Like

Hi Everyone,

I have the same goal (having the authentication to Foreman with OIDC from Azure AD) but I didn’t find any guide to do it, any advice or any guide/tutorial to do that?

Thanks in advance.

I guess noone could make it work? same situation here. getting v1 tokens and expecting v2.