SAML Auth with Azure AD
-
@Mathieu Thanks to your help, we are deploying a patch with config update and control over document and assertion signatures
https://github.com/vatesfr/xen-orchestra/pull/9093 -
@Mathieu Hi,
We merged the PR linked above with new options. If you have time, can you confirm it is working for you?
It will fix the audience error and let you choose if you want to sign responses and assertions. -
@pierrebrunet
I'm jumping in here as well. Reporting that the PR fixes it for Google Workspace as well!
However, the checkbox in GW is called "Signed response".
No further adjustments of the plugin itself were needed. -
@probain Hi,
Great!! Can you confirm the checkbox is in the Service Provider Details window? It is to enhance the doc part about SAML. -
@pierrebrunet
For Google Workspace:
Yes it is in the "Service Provider details"-section: See screenshot for example

Edit: Removed doubled screenshot
-
@probain Thank you!
-
olivierlambert marked this topic as a question
-
olivierlambert has marked this topic as solved
-
@pierrebrunet
Hello Pierre, sorry for that late response, but yes, the latest version is working fine and has solved the issue.
Thanks for the fix.
-
@pierrebrunet Are you aware if there is an official guide on how to use this with AzureAD?
-
@TheNorthernLight I think this one is the most accurate: https://help.vates.tech/kb/en-us/48-plugins/162-saml-azure-guide
I've followed it and it worked, however there are two caveats:
- You need to use XOA 5.112, which is on the latest channel as of today and not the stable channel.
- You need to sign the SAML response and assertion. To do that, go to Microsoft Entra ID → Enterprise applications → Xen Orchestra → Single sign-on → SAML.
After those settings I could log in with Azure ID / Entra ID / whatever Microsoft calls it today.
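
An added example, not part of the post above and not Xen Orchestra code: a structural check that a captured base64 `SAMLResponse` (HTTP-POST binding) carries a signature on both the response and the assertion and names the expected audience. The function names, the `example.test` URLs and the sample message are constructed assumptions, and the check does not verify the signatures cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def inspect_saml_response(b64_response, expected_audience):
    """Structural check of an HTTP-POST SAMLResponse; does NOT verify signatures."""
    raw = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not allowed in SAML messages")
    root = ET.fromstring(raw)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("top-level element is not samlp:Response")
    assertion = root.find("saml:Assertion", NS)
    # Direct children only: a signature nested inside the assertion must not
    # be counted as a signature over the whole response.
    response_signed = root.find("ds:Signature", NS) is not None
    assertion_signed = assertion is not None and assertion.find("ds:Signature", NS) is not None
    audiences = [a.text.strip() for a in root.iterfind(
        "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    return {"response_signed": response_signed, "assertion_signed": assertion_signed,
            "audiences": audiences, "audience_ok": expected_audience in audiences}

def build_sample(sign_response, sign_assertion, audience):
    """Constructed sample (empty ds:Signature stubs), not a real IdP response."""
    sig = '<ds:Signature xmlns:ds="%s"/>' % NS["ds"]
    xml = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">' % (NS["samlp"], NS["saml"])
           + "<saml:Issuer>https://idp.example.test/</saml:Issuer>"
           + (sig if sign_response else "")
           + "<saml:Assertion><saml:Issuer>https://idp.example.test/</saml:Issuer>"
           + (sig if sign_assertion else "")
           + "<saml:Conditions><saml:AudienceRestriction><saml:Audience>%s</saml:Audience>" % audience
           + "</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    SP = "https://xo.example.test/"  # placeholder SP entity ID / audience (assumption)
    print(inspect_saml_response(build_sample(True, True, SP), SP))
    print(inspect_saml_response(build_sample(False, True, "https://other.example.test/"), SP))
```
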
-
@olivierlambert can we report documentation issues or can we contribute to docs? I would fix it myself if I can.