Open peat-psuwit opened 1 year ago
SSO flow during login is a must-have feature! This way aad-auth will become an actual ZERO TRUST module. However, I doubt it'll happen as it requires a GDM rewrite.
I wasn't able to get this working until I tried the suggestion from @peat-psuwit.
Some better documentation about the Azure AD application setup would be appreciated.
Thanks for reporting this issue with the documentation. I'm adding it to our backlog.
I found this third-party blog to be very helpful for setting up Azure AD and Ubuntu 23.04:
What API Permissions should be granted to the AD Application so the login works?
I struggled with this as well and got my answer from
2.) Also, you need to add delegated API permission 'User.Read' for MS Graph and grant admin consent.
https://github.com/ubuntu/aad-auth/issues/195#issuecomment-1520825120
Having issues even though everything is configured correctly: https://github.com/ubuntu/aad-auth/issues/420
In README.md, it mentions the need to create an Azure AD application, and links to Azure's documentation for application registration in general. However,
The first 2 points are partially addressed as an error message improvement in #193, but it would be nice if Ubuntu documented how to configure the Azure AD application correctly in the first place (either here or in documentation somewhere).
[1] https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-desktop-app-registration#redirect-uris
[2] https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent?pivots=portal
[3] https://s4erka.wordpress.com/2021/03/26/azure-ad-application-to-test-oauth2-0/
[4] https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal