AzureAD authentication to Icingaweb2

Question

Is it possible to authenticate to Icingaweb2 through AzureAD (SAML/oauth2/openID) ?

score 5 · Accepted Answer · answered Jun 13 '18 at 07:21

This thing is actually possible to achieve with usage of https://github.com/bitly/oauth2_proxy

After this proxy is installed and configured, run it with -set-xauthrequest info is in github repo wiki/readme
Set up icingaweb2 for external authentication by adding:
```
[autologin]
backend = external
```
into authentication.ini file
In icingaweb2 you need to add:
```
fastcgi_param REMOTE_USER $http_X_User;
```
into nginx/apache configuration.

If you will use same cookie name and secret pair in oauth2 proxy configuration, you will be authenticated to all your systems (Graylog SSO plugin, Icinga2, any your site) with pure SSO experience.

score 1 · Answer 2 · answered Jun 14 '18 at 19:02

1

Depending on how much information is available, you can add a custom application to Azure AD.

This way only allows the connection to be SAML.

answered Jun 14 '18 at 19:02

rbrayb

46,440
34
114
174

AzureAD authentication to Icingaweb2

2 Answers2