XCP-ng

    SAML Auth with Azure AD

      pierrebrunet Vates 🪐 XO Team @Mathieu

      @Mathieu Hi,
      We merged the PR linked above with new options. If you have time, can you confirm it is working for you?
      It will fix the audience error and let you choose if you want to sign responses and assertions.

        probain @pierrebrunet

        @pierrebrunet
        I'm jumping in here as well. Reporting that the PR fixes it for Google Workspace as well!
        However, the checkbox in GW is called "Signed response".
        No further adjustments of the plugin itself were needed.

          pierrebrunet Vates 🪐 XO Team @probain

          @probain Hi,
          Great!! Can you confirm the checkbox is in the Service Provider Details window? It is to enhance the doc part about SAML.

            probain @pierrebrunet

            @pierrebrunet
            For Google Workspace:
            Yes it is in the "Service Provider details"-section: See screenshot for example
            [screenshot]

            Edit: Removed doubled screenshot

              pierrebrunet Vates 🪐 XO Team @probain

              @probain Thank you!

                Mathieu @pierrebrunet

                @pierrebrunet
                Hello Pierre,

                Sorry for the late response, but yes, the latest version is working fine and has solved the issue.

                Thanks for the fix.

                  TheNorthernLight @pierrebrunet

                  @pierrebrunet Are you aware if there is an official guide on how to use this with AzureAD?

                    ferrao @TheNorthernLight

                    @TheNorthernLight I think this one is the most accurate: https://help.vates.tech/kb/en-us/48-plugins/162-saml-azure-guide

                    I've followed it and it worked; however, there are two caveats:

                    1. You need to use XOA 5.112, which is on the latest channel as of today and not the stable channel.
                    2. You need to Sign SAML response and assertion. To do that, go to Microsoft Entra ID → Enterprise applications → Xen Orchestra → Single sign-on → SAML.

                    After those settings I could log in with Azure ID / Entra ID / whatever Microsoft calls it today.

                      ferrao @ferrao

                      @olivierlambert can we report documentation issues or can we contribute to docs? I would fix it myself if I can.

                        nathanael-h Vates 🪐 DevOps Team @ferrao

                        @ferrao Hey thanks, yes you are welcome to send a PR to improve the docs. It is based on Docusaurus, it is in the docs directory in https://github.com/vatesfr/xen-orchestra/tree/master/docs. Then pages are in the 2nd level docs directory.

                          olivierlambert Vates 🪐 Co-Founder CEO

                          On the bottom of each documentation page, there's an "Edit this page" link you can use to contribute 🙂
