Open imareporter opened 3 years ago
mcharo
commented
1 year ago Looking into the underlying social authentication library, it looks like AWX would need to expose a way to change SOCIAL_AUTH_AZUREAD_OAUTH2_AUTHORITY_HOST, in this case to AZURE_GOVERNMENT.
https://python-social-auth.readthedocs.io/en/latest/backends/azuread.html
jsutton
commented
1 year ago Looks like the files that need to be updated to add SOCIAL_AUTH_AZUREAD_OAUTH2_AUTHORITY_HOST are:
Since there are a small number of valid values, a ChoiceField probably makes sense. https://learn.microsoft.com/en-us/python/api/azure-identity/azure.identity.azureauthorityhosts?view=azure-python
freedge
commented
1 year ago small number of valid values
the doc you link mentions
For single-tenant applications, replace "common" in the previous URLs with your tenant ID or name.
so it would be useful to have a text box instead.
keys1234249
commented
2 months ago Hello i am having this same issue, is there any manual workaround or plans to implement this change? Can we set the value in the postgres DB?
keys1234249
commented
2 months ago Hello please let me know how we could set this manually until a fix is implemented
keys1234249
commented
1 month ago Hello please let me know how we could set this manually until a fix is implemented
ISSUE TYPE
SUMMARY
Per an user's request, they would like to initiate an OAuth2 authentication flow from
login.microsoftonline.us, instead of using Azure AD's global service endpoint (i.e.login.microsoftonline.com).See: https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-national-cloud#azure-ad-authentication-endpoints
After configuring information for Azure AD authentication, AWX appears to direct the authentication request to
login.microsoftonline.com.