Versent / saml2aws

CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
https://github.com/Versent/saml2aws
MIT License

Compatibility with Windows Azure Active Directory (WAAD) #146

Open csghuser opened 6 years ago

csghuser commented 6 years ago

Has anyone switched to using Azure AD to provide single sign on and managed to get this working?

For reference the guide is here:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial

Is it possible with the current code or would an additional provider have to be written?

davidobrien1985 commented 6 years ago

@wolfeidau would need to correct me, but I believe there would need to be some extra code that needed to be written. Especially because the AAD prompt needs to be caught by a screenscraper essentially.

ashemedai commented 6 years ago

Hi, I got an interest in getting this working. Is there anything aside from the pkg/providers that I need to work on to get it working?

I assume calling it waad is good enough or do we prefer azuread?

davidobrien1985 commented 6 years ago

Either azuread or aad, my preference would be the former.

ashemedai commented 6 years ago

Just a small heads up: working on this a small bit at a time. Working on the scraper at the moment.

tomcroll commented 6 years ago

I'm interested in contributing. Please let me know if you managed to make any progress and if I can help.

ashemedai commented 6 years ago

@tomcroll Thanks for the offer. I'll try to submit a first PR next week. Was sidetracked with some SessionDuration custom claim and other work stuff.

brettneese commented 6 years ago

@ashemedai did you get anywhere with this? :) I was about to hack this together until I saw this issue so happy to help if I can.

ashemedai commented 6 years ago

@brettneese @tomcroll Hi, sorry, been awfully derailed by many other things that wound up on my plate.

Put the small amount of code up at https://github.com/ashemedai/saml2aws/commit/ac2fd4577f712e640a7a3047848b1259ef773fca so I at least don't block other people who can work on it.

brettneese commented 6 years ago

totally understandable! :) thanks for posting that.

st33v commented 5 years ago

has anyone been able to get this working? I'm totally stuck.

ghost commented 5 years ago

just seeing if there has been any progress on this ?

jaxxstorm commented 5 years ago

If anyone sees this, I am happy to sponsor the development of this feature - please contact me.

rdkls commented 5 years ago

There's also this https://www.npmjs.com/package/aws-azure-login - however I (currently) can't get it to run non-interactively. Would love to just keep using saml2aws though.

paihu commented 4 years ago

Hello, I wrote the support for AzureAD. It seems to work for my AzureAD tenant but I could not test other environments.

https://github.com/paihu/saml2aws/commit/572b549948eb310aa3008e7c2c280cc60c5a9401

pysysops commented 4 years ago

I seem to get a login webpage returned 🤔 along with:

DEBU[0010] HTTP Req                                      URL="https://login.microsoftonline.com/common/login" http=client method=POST
DEBU[0011] HTTP Res                                      Status="200 OK" http=client
Response did not contain a valid SAML assertion
Please check your username and password is correct

@paihu - are you able to share with us the expected config for saml2aws with AzureAD? Don't seem to be able to find any documentation for it.

Thanks, Tim.
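For readers hitting the "Response did not contain a valid SAML assertion" message above, this added example (not code from saml2aws or from anyone in this thread) shows the check that produces it: the page returned after login either carries a hidden SAMLResponse input whose decoded XML holds an Assertion with the AWS Role attribute, or it is a re-served login/MFA page and there is nothing to hand to AWS. The sample pages are constructed here, and the ARNs in them are placeholders.

```go
package main

import (
	"encoding/base64"
	"encoding/xml"
	"errors"
	"regexp"
)

// A completed login ends on a page whose hidden SAMLResponse input is auto-posted
// to AWS; a re-served login page (the symptom in this thread) carries none.
var samlResponseRe = regexp.MustCompile(`name="SAMLResponse"[^>]*value="([^"]*)"`)
// ErrNoAssertion mirrors saml2aws's "Response did not contain a valid SAML assertion".
var ErrNoAssertion = errors.New("response did not contain a valid SAML assertion")
// Only the parts of a SAML 2.0 Response needed here; local names match in any namespace.
type samlResponse struct {
	Assertion *struct {
		Attributes []struct {
			Name   string   `xml:"Name,attr"`
			Values []string `xml:"AttributeValue"`
		} `xml:"AttributeStatement>Attribute"`
	} `xml:"Assertion"`
}

// ExtractAWSRoles decodes the SAMLResponse on an HTML page and returns its "role-arn,provider-arn"
// pairs; a login/MFA page, bad base64 or a Response without an Assertion yields ErrNoAssertion.
func ExtractAWSRoles(page string) ([]string, error) {
	m := samlResponseRe.FindStringSubmatch(page)
	if m == nil {
		return nil, ErrNoAssertion
	}
	raw, err := base64.StdEncoding.DecodeString(m[1])
	var resp samlResponse
	if err != nil || xml.Unmarshal(raw, &resp) != nil || resp.Assertion == nil {
		return nil, ErrNoAssertion
	}
	var roles []string
	for _, a := range resp.Assertion.Attributes {
		if a.Name == "https://aws.amazon.com/SAML/Attributes/Role" {
			roles = append(roles, a.Values...)
		}
	}
	return roles, nil
}

// Constructed sample pages (not captured from a real tenant) for both outcomes.
const ConstructedLoginPage = `<form action="/common/login"><input name="loginfmt"><input name="passwd"></form>`
func ConstructedFormPage() string {
	doc := `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement><saml:Attribute Name="https://aws.amazon.com/SAML/Attributes/Role"><saml:AttributeValue>arn:aws:iam::123456789012:role/Dev,arn:aws:iam::123456789012:saml-provider/AAD</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>`
	return `<form action="https://signin.aws.amazon.com/saml"><input type="hidden" name="SAMLResponse" value="` + base64.StdEncoding.EncodeToString([]byte(doc)) + `"/></form>`
}
```

Running ExtractAWSRoles over the body logged as the 200 OK response is a quick way to tell a genuinely failed login from a provider flow that never reached the SAML form.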

pysysops commented 4 years ago

I was being lazy I think: https://github.com/Versent/saml2aws/tree/master/doc/provider/aad

howdoicomputer commented 4 years ago

Does this work for people? I haven't been able to get it to work.

jessechahal commented 4 years ago

Just got it working a couple of minutes ago following https://github.com/Versent/saml2aws/tree/master/doc/provider/aad. I had to set up 2-factor auth using the Microsoft Authenticator app.

howdoicomputer commented 4 years ago

Hm, I have the Authenticator app and have set up 2-factor auth. I followed the documentation but no dice. I created this issue as a result.

benoahriz commented 4 years ago

Having the same issue here... seems like it might be related to this: https://github.com/Versent/saml2aws/issues/327. Ideas?

When doing a DUMP in my case I am seeing the same thing. All calls look correct, but after you type in the OTP the response is Content-Type: application/x-www-form-urlencoded, not JSON.

giuliocalzolari commented 4 years ago

If any golang guru wants to help me, I did a Python version to solve this problem. Would be awesome to have it as part of saml2aws.

https://github.com/giuliocalzolari/aad-aws-login/blob/master/azure_saml.py

trentondyck commented 3 years ago

Doesn't work for me either. I tried so many combinations but I run into "unable to locate IDP oidc form submit URL". Also tried so many versions: 2.23.0, 2.27.1, 2.26.1.

For those wondering how to find the APP ID and URL (since it's not clear in the parent README.md): https://github.com/Versent/saml2aws/tree/master/doc/provider/aad