RE: SAML Auth with Azure AD

@pierrebrunet
Hello Pierre,

Sorry for that late response, but yes, latest version is working fine and has solved the issue.

Thanks for the fix.

@pierrebrunet
XO from source, commit 1ee07 from today.

@pierrebrunet Just posted it above

@pierrebrunet

Hello,

I've updated the cert with signed assertion and response

I also tried with a brand new certificate.

Unfortunately, login is still failing.

From xo-server:

Oct 09 08:11:17 xo-ce xo-server[272092]: Error: SAML assertion audience mismatch. Expected: 1671ff50-10e1-4a02-a0c5-4ed298898281 Received: https://XO_DNS_RECORD/
Oct 09 08:11:17 xo-ce xo-server[272092]:     at /opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1264:18
Oct 09 08:11:17 xo-ce xo-server[272092]:     at Array.map (<anonymous>)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.checkAudienceValidityError (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1259:8)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.processValidlySignedAssertionAsync (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:1151:32)
Oct 09 08:11:17 xo-ce xo-server[272092]:     at SAML.validatePostResponseAsync (/opt/xo/xo-builds/xen-orchestra-202510090759/node_modules/@node-saml/node-saml/src/saml.ts:808:16)

And here is the plug-in configuration:

I'm not expert at all in SAML, sorry not being able to debug deeper.

Hello,

Has the saml-auth plugin updated recently ?

Using XOCE, commit c0065, it was working fine. Updating today to latest release, SAML authentication (Microsoft Entra ID), is not working anymore, I land on a page with a
'Internal server error' message.

Thanks,

@dant123
Old topic but thanks a lot for your first post, it was quite helpful for me to setup authentification with Microsoft Entra.

I just didn't get immediately that you also need to specify the callback URL in the XO plugin settings, not only in the enterprise application in the Microsoft portal.

My XO is behind a reverse proxy with a Let's Encrypt certificate, but it is also working with a self-signed certificate and a local DNS record.

@olivierlambert Might be worth an addendum in the official documentation with specific screenshots for Microsoft Entra?

Hello,

Indeed, disabling NBD for the delta backups, they are no more VDI attached to Dom0.

My upgrade path was from 8.2.1 stable to 8.3 using the ISO installation.

@Tristis-Oris
It seems that since updating to 8.3, I also have VDI attached to control domain I cannot delete, they appear after a backup.
The only solution to forget them is to a pool reboot.

I make it the other way, I add a tag for the VM I want a health check to happen, and no tag if I don't want a health check.

Then, in the backup's schedule, I add my tag:

Hello,

Is there a way to do multiple health check without starting them one by one?

In the restore tab, if I select multiple backups with the tick box, the restore health check icon appears in the top right corner, but if I click on it, I got an error message: t is not a function.

One other way would be to create a schedule in the backup job, but it doesn't seem possible to do just a health check without first creating a new backup.

Thanks for your help,

Can you go into the BIOS menu, then Boot manager and set Windows Boot Manager as the boot option?
I think I had to do that with a Windows Server 2022 in UEFI mode imported from vmWare, but not sure, it was a while ago.

@olivierlambert
It took a while to validate it, but I can also confirm that the perf-alert plugin is the culprit.

Here are my plugin's parameters, if it can help chasing the goose:

I'm gonna try the same and will let you know.

@olivierlambert
Simpler setup on my side:

Pool 1 - 1 x ASRock Rack 1U4LW-X570/2L2T RPSU with about 10 VMs
Pool 2 - 1 x HP DL360 Gen9 with only the XO VM (Debian 11).

Each host has 2 x 10 Gb NIC in use (one for VMs/MGMT, the other one for NFS storage).

The storage is a NFS share on a QNAP NAS (except for the XO VM which is on the local storage of the DL360 host).

The 2 hosts and the NFS storage are connected on the same10Gbit Ubiquiti EdgeSwitch.

Same plugins as @14wkinnersley + audit and sdn-controller.

The issue with stuck task is only appearing on the pool 1, not on the pool 2 with only the XO VM.

@MathieuRA
OK, thanks for the answer.

Looking forward for XO6

Hello,

Maybe I've missed it, but is there a way to tag several VMs with the same tag in one operation, by doing a multi-selection in the VM window in XO?

Thanks,

@olivierlambert
Same on my host, the first stuck task appeared 5 hours after toolstack and XO reboot.

@olivierlambert
Yes, confusing, indeed
I just now restarted XO and the toolstack one more time to be sure. Yesterday, it was OK at the beginning but the issue reappeared after a few hours.
I'll let you know ASAP.

@olivierlambert
I can also confirm that the issue is still there on my host with XO updated to master with latest commit a548a.

@olivierlambert
I mean if use commit 0ccfd4b, there is no issue, if I use a more recent one, like the latest 583c7, the issue is appearing.