Auth via AzureAD

Has anyone figured out how to authenticate users with AzureAD?
We want to allow large user groups to view (as in read-only) icingaweb2 and provide them with team dashboards.
For that purpose we want to auth via AzureAD; that should be possible, e.g., with Release 2.4.12.1 · zmartzone/mod_auth_openidc · GitHub
Has anyone figured out how to do that and can provide some examples, ideally with how to map a group so we can use it in icingaweb2?

You could generate an Icingaweb2 user per group and use mod_auth_openidc to figure out to which Icingaweb2 user/dashboard the AzureAD login belongs and set the user env var so Icingaweb2 will “autologin” the AzureAD account to the “group” Icingaweb2 user.

It will not work for more than one group, but maybe you could make users and dashboards for AzureAD accounts that belong to more than one group - the combinatorics are exponential, though!

Can’t the normal LDAP/AD auth method of Icingaweb2 connect to AzureAD?
Then you could assign roles based on groups but still the dashboards are a problem.
I will soon have to check out GitHub - Thomas-Gelf/icingaweb2-module-enforceddashboard myself as copy pasting team dashboards is starting to be a pain.

Sadly no. AzureAD doesn’t provide “normal” LDAP since that would require certificates etc.
It can do oauth2 and oidc, which I’d like to use, but I don’t have any idea how to get those to work with icingaweb2.

Then you have no choice and need to do the user auth in the apache module and set the env variable REMOTE_USER - see Authentication - Icinga Web & Advanced Topics - Icinga Web

1 Like
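The setup described in the reply above (Apache performs the OIDC login and hands `REMOTE_USER` to Icinga Web), sketched as an added example that is not taken from any poster's configuration. The hostname, tenant ID, client ID, secret and group object ID are placeholders, and the choice of `preferred_username` as the user claim is an assumption.

```apache
# Added example: Apache vhost fragment for mod_auth_openidc in front of Icinga Web.
# Every value in <ANGLE_BRACKETS> and the hostname are placeholders.

# Azure AD (v2.0 endpoint) discovery document of the tenant.
OIDCProviderMetadataURL https://login.microsoftonline.com/<TENANT_ID>/v2.0/.well-known/openid-configuration
OIDCClientID <APPLICATION_CLIENT_ID>
OIDCClientSecret <CLIENT_SECRET>

# Must match a redirect URI registered in the Azure app registration and
# must lie inside the protected location without mapping to real content.
OIDCRedirectURI https://icinga.example.com/icingaweb2/redirect_uri

# Secret the module uses to protect its own state and session data.
OIDCCryptoPassphrase <LONG_RANDOM_STRING>

OIDCScope "openid profile email"

# Claim from the ID token that becomes REMOTE_USER (assumption: UPN-style
# login name; pick a claim that is stable for your tenant).
OIDCRemoteUserClaim preferred_username

<Location /icingaweb2>
    AuthType openid-connect

    # Variant A: any user who can sign in to the app registration.
    Require valid-user

    # Variant B: only members of one Azure AD group. Needs the "groups"
    # claim enabled on the app registration; the value is the group's
    # object ID, not its display name.
    # Require claim groups:<GROUP_OBJECT_ID>
</Location>

# Icinga Web side, /etc/icingaweb2/authentication.ini, so that the
# REMOTE_USER set by Apache is accepted as the logged-in user:
#
#   [autologin]
#   backend = external
```

With the external backend Icinga Web trusts whatever `REMOTE_USER` the web server sets, so Icinga Web should be reachable only through this protected location, and the file holding the client secret and passphrase should be readable by root only.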

Hi,

I have installed icinga (2.13.2-1) + icinga director (1.9.1) on an OL8 server to monitor +200 devices (servers, network devices, etc…)

Now I want to configure authentication via Azure AD.
I need to know about the configuration in icinga2.

I saw that I can use oauth_proxy following the steps below:

What do you think about that?
Please, if you need more information about my setup, just let me know.

Thank you in advance,

Sounds good for the icingaweb2 part. I can’t comment on the oauth part.

Hi, did you get it working to authenticate icingaweb2 with azure ad?

After a lot of trial and error I was able to get the Azure AD auth to work… the manual below helped (at least a little bit)

Apache OpenID authentication with Azure | by Matthias Fleschütz | Medium

Thanks. That particular project got stalled due to other priorities. Will have a look at the link when i can get back to it.

OK. See also this thread, or ask me, then I can send you my procedure.