Open scott-dunt opened 2 years ago
I am also searching for a tutorial on how to authenticate with OpenID against Azure AD. Have you made any progress on this?
Set DEBUG = True in your settings/config.py and check the logs and/or the failed request response. This error can occur in a number of cases when something in your configuration is wrong (e.g. SMTP settings).
I know the issue is quite old, but for those who stumble across it, here is the solution that worked for me.
Add to default-back-environment in docker-compose.yml:
PUBLIC_REGISTER_ENABLED: "True"
ENABLE_OPENID: "True"
OPENID_URL: "https://login.microsoftonline.com/XXXXXXXXXXXXXXXXXXXXXX/oauth2/v2.0/authorize"
OPENID_USER_URL: "https://graph.microsoft.com/oidc/userinfo"
OPENID_TOKEN_URL: "https://login.microsoftonline.com/XXXXXXXXXXXXXXXXXXXXXX/oauth2/v2.0/token"
OPENID_CLIENT_ID: "XXXXXXXXXXXXXXXXXXXXXX"
OPENID_CLIENT_SECRET: "XXXXXXXXXXXXXXXXXXXXXX"
OPENID_NAME: "Microsoft"
OPENID_USERNAME_FIELD: "email"
OPENID_FULLNAME_FIELD: "name"
OPENID_SCOPE: "openid email"
and to taiga-front:
ENABLE_OPENID: "true"
OPENID_URL: "https://login.microsoftonline.com/XXXXXXXXXXXXXXXXXXXXXX/oauth2/v2.0/authorize"
OPENID_CLIENT_ID: "XXXXXXXXXXXXXXXXXXXXXX"
OPENID_NAME: "Microsoft"
PUBLIC_REGISTER_ENABLED: "false"
Trying to figure out how to map the Azure AD settings and configuration for OpenID / OAuth2 to the Taiga plug-in. I have set up multiple applications using SAML and OAuth access in this environment. I see in the Azure AD logs that my login was successful for the URL call from Taiga to Azure; in the browser I see:
(I have tried BOTH scope=openid and scope=openid email and there is no difference.) What I see come back in the browser looks a whole lot like all the other setups I have troubleshot, although there is NO cookie used for the connection:
My settings in docker-compose.yml are:
There is NOTHING in the container logs that shows any kind of errors. If there is some way to enable debug logging, that would be helpful.
Apparently Azure AD has the facility to dump what its supported OpenID configuration is:
From: https://login.microsoftonline.com//v2.0/.well-known/openid-configuration
I have also set the permissions within Azure AD for the app to be able to read:
Looking for any guidance on how to get this working. I'm assuming this might be a desirable configuration for others to use as well?
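A configuration consistency check, added here as an example and not part of this thread or of Taiga itself: it compares the OPENID_* back-end settings from the docker-compose.yml above against the tenant's .well-known/openid-configuration document and flags an endpoint mismatch or a scope that will not release the claim configured as the username field. The discovery document and the environment are constructed samples; the tenant id is a placeholder, and in practice the document would be fetched from the URL quoted above.

```python
import json

# Constructed sample of an Azure AD v2.0 discovery document; the tenant id is a placeholder.
DISCOVERY_JSON = json.dumps({
    "issuer": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/token",
    "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "claims_supported": ["sub", "iss", "name", "email", "preferred_username"],
})

# Constructed sample of the back-end environment from docker-compose.yml, with the
# scope deliberately reduced to "openid" alone to show what the check reports.
BACK_ENV = {
    "OPENID_URL": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/authorize",
    "OPENID_TOKEN_URL": "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/oauth2/v2.0/token",
    "OPENID_USER_URL": "https://graph.microsoft.com/oidc/userinfo",
    "OPENID_SCOPE": "openid",
    "OPENID_USERNAME_FIELD": "email",
    "OPENID_FULLNAME_FIELD": "name",
}

def check_openid_env(env, discovery_json):
    """Return a list of findings; an empty list means env agrees with the discovery document."""
    doc = json.loads(discovery_json)
    findings = []
    for key, endpoint in (("OPENID_URL", "authorization_endpoint"),
                          ("OPENID_TOKEN_URL", "token_endpoint"),
                          ("OPENID_USER_URL", "userinfo_endpoint")):
        if env.get(key) != doc.get(endpoint):
            findings.append(f"{key} does not match the discovery {endpoint}")
    scopes = env.get("OPENID_SCOPE", "").split()
    if "openid" not in scopes:
        findings.append("OPENID_SCOPE must include 'openid'")
    for scope in scopes:
        if scope not in doc.get("scopes_supported", []):
            findings.append(f"scope '{scope}' is not in scopes_supported")
    # A claim can only serve as a field if the IdP advertises it and the matching
    # scope is requested: the standard 'email' claim is released by the 'email' scope.
    for key in ("OPENID_USERNAME_FIELD", "OPENID_FULLNAME_FIELD"):
        claim = env.get(key)
        if claim not in doc.get("claims_supported", []):
            findings.append(f"{key}='{claim}' is not in claims_supported")
        elif claim == "email" and "email" not in scopes:
            findings.append(f"{key}='email' but OPENID_SCOPE does not request the 'email' scope")
    return findings
```

Run the check once against the back-end environment and once more with OPENID_SCOPE set to "openid email"; the second run should report nothing.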