Closed ternium1 closed 10 months ago
I managed to get the plugin to work by editing some file:
$ diff provider.class.php provider.class.php.old --color
946,947c946
< 'scope' => $this->getScope(),
< //'scope' => 'openid%20profile%20email%20allatclaims',
---
> 'scope' => $this->getScope(),
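Review bot: the commented-out line `//'scope' => 'openid%20profile%20email%20allatclaims',` at 947 is the only visible change in this hunk, since `'scope' => $this->getScope(),` reads the same on both sides. Commented-out code like this should be dropped; if the `allatclaims` scope is needed for AD FS, it belongs in whatever `getScope()` returns rather than in a comment.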
951,952c950
< 'redirect_uri' => $this->getCurrentURL(),
< 'resource' => 'urn:microsoft:userinfo'
---
> 'redirect_uri' => $this->getCurrentURL(),
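Review bot: `'resource' => 'urn:microsoft:userinfo'` at 952 is hard-coded and, as written here, added to the request parameters unconditionally, whichever provider is configured. Consider adding it only when the provider is AD FS, or reading it from the provider settings, with a short comment saying why AD FS needs it.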
However, it seems to not recognize the user when changing the authentication method on Active Directory. I found another alternative without using the plugin.
Since my setup is using GLPI in docker (using DiouxX/docker-glpi) + Traefik, I implemented a forwardauth middleware with mesosphere/traefik-forward-auth and configured an app in ADFS. This middleware adds the X-Forwarded-User header with either the email/username (depending on ADFS claim config). Now in GLPI, it is possible to authenticate directly with this header by going into Setup > Authentication > Others authentication methods and setting the Field storage of the login in the HTTP request to HTTP_X_FORWARDED_USER. Just make sure to not expose GLPI's port directly as any user could set the header's value.
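The reverse-proxy arrangement described in the comment above, sketched as a Compose fragment for the GLPI service. This is an added example, not the commenter's actual configuration; the Traefik v2 label syntax, the forward-auth address `forward-auth:4181`, the `proxy` network, the image name and the hostname are assumptions.

```yaml
# Added example (not from the original comment). Assumptions: Traefik v2 with the
# Docker provider, a forward-auth container reachable as forward-auth:4181 on the
# external "proxy" network, image diouxx/glpi, hostname glpi.example.internal.
services:
  glpi:
    image: diouxx/glpi
    # No "ports:" mapping: nothing is published on the Docker host, so the only
    # route to GLPI is through Traefik and the forward-auth check. A published
    # port would let any client send its own X-Forwarded-User value.
    expose:
      - "80"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.glpi.rule=Host(`glpi.example.internal`)"
      # Every request on this router is first checked by the forward-auth service.
      - "traefik.http.routers.glpi.middlewares=glpi-sso"
      - "traefik.http.middlewares.glpi-sso.forwardauth.address=http://forward-auth:4181"
      # Only this header is copied from the auth response onto the request that
      # reaches GLPI, where PHP exposes it as HTTP_X_FORWARDED_USER.
      - "traefik.http.middlewares.glpi-sso.forwardauth.authResponseHeaders=X-Forwarded-User"
      - "traefik.http.services.glpi.loadbalancer.server.port=80"

networks:
  proxy:
    external: true
```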
Has anyone managed to get this plugin to work with AD FS? Here is my current config. When testing the SSO, I get the tokens and everything, but nothing under getResourceOwner: and this error:
Also, when trying to set up the provider, it just refreshes the page. Thanks!