Auth via AzureAD

fireba11 · November 16, 2022, 3:08pm

Has anyone figured out how to authenticate users with AzureAD?
We want to allow large user groups to view (as in read-only) icingaweb2 and provide them with team dashboards.
For that purpose we want to auth via AzureAD, that should be possible f.ex. with Release release 2.4.12.1 · zmartzone/mod_auth_openidc · GitHub
Anyone figured out how to do that and can provide some examples, ideally with how to map a group so we can use it in icingaweb2.

rivad · November 18, 2022, 1:47pm

You could generate a Icingaweb2 user per group and use mod_auth_openidc to figure out to which Icingaweb2 user/dashboard the AzureAD-login belongs and set the user env var so Icingaweb2 will “autlogin” the AzureAD-Account to the “group” Icingaweb2 user.

It will not work for more then one group but maybe you could make users and dashboards for AzureAD-Accounts that belonge to more then one group - combinatoric is exponential tho!

Can’t the normal LDAP/AD auth method of Icingaweb2 connect to AzureAD?
Then you could assign roles based on groups but still the dashboards are a problem.
I will soon have to check out GitHub - Thomas-Gelf/icingaweb2-module-enforceddashboard myself as copy pasting team dashboards is starting to be a pain.

fireba11 · November 18, 2022, 4:27pm

sadly no. azureAD doesn’t priovde “normal” LDAP since that would require certificates etc.
it can do oauth2 and oidc, which i’d like to use but i don’t have any idea how to get to work those with icingaweb2

rivad · November 18, 2022, 4:45pm

Then you have no choice and need to do the user auth in the apache module and set the env variable REMOTE_USER - see Authentication - Icinga Web & Advanced Topics - Icinga Web

kiko · November 7, 2023, 3:44pm

Hi,

I have installed icinga(2.13.2-1) + icinga director(1.9.1) in OL8 server to monitor +200 devices(servers,network devices, etc…)

Now I want to configure authentication via Azure AD.
I need to know about the configuration in icinga2.

I saw that I can use oauth_proxy following below steps:

What do you think about that?
Please if you need more information about my setup, just let me know

Thank you in advance,

rivad · November 7, 2023, 4:13pm

Sounds good for the icingaweb2 part. I can’t comment on the oauth part.

tomabg · March 21, 2024, 9:53am

Hi, did you get it working to authenticate icingaweb2 with azure ad?

After a lot of try and error i was able to bring the Azure AD Auth to work…this manual below helped(at least a little bit)

Apache OpenID authentication with Azure | by Matthias Fleschütz | Medium

fireba11 · April 3, 2024, 6:22pm

Thanks. That particular project got stalled due to other priorities. Will have a look at the link when i can get back to it.

tomabg · April 4, 2024, 4:10pm

OK See also this threat or ask me then i can send you my provedure