Azure AD

[walidabualafia]

Hi folks,

I'm currently trying to configure Authentication in my Open OnDemand instance, and it doesn't seem like any of the methods that you provide in documentation work within our organization.

Azure AD requires:

• Identifier (Entity ID)
• Reply URL (Assertion Consumer Service URL)

to complete a basic SAML authentication.

Do you know where I can get this information?

** Note: We do not use ADFS, we use Azure Enterprise Applications SAML. Has OnDemand been configured on a system with Azure before?

Best,
Walid

[johrstrom]

Azure AD is Open ID connect (OIDC) protocol. So you should be able to follow the instructions for the same to configure the OnDemand server.

Seems you're asking about configuring Azure AD for a new client.

• reply URL - this is the URL of your OnDemand installation. I believe the full path is what you'd configure oidc_uri: "/oidc" to. So the full thing would be my-cool-site.domain.edu/oidc
• Identifier (Entity ID) - I think this corresponds to the client's ClientId - oidc_client_id: "ondemand.example.com". Checking my google auth that I setup years ago - it's a big string. I think this just needs to be unique (and domain names are so...)

A quick google search of apache ms azure active directory gave this result which may be helpful

https://blindzero.medium.com/apache-openid-authentication-with-azure-ea6d09104c66

[johrstrom]

I'm going to close this as I feel like it's been solved. Again, if you have any more issues (or need this one reopened) just let us know here or on discourse.