#1719  Adding second domain for external authentication
Closed
Daniel opened 1 month ago

Hi,

is it possible to add a second domain for Active Director in external authentication y? The search base is in the format dc=XYZ dc=local but we cannot add a second domain in here.

Alternative: Is it possible to have an Azure AD implementation for external authentication?

Best regards

Robin Shen commented 1 month ago

is it possible to add a second domain for Active Director in external authentication y? The search base is in the format dc=XYZ dc=local but we cannot add a second domain in here.

As far as I know, users normally reside under a single tree . Can you please help me understand why multiple search bases are necessary here?

Alternative: Is it possible to have an Azure AD implementation for external authentication?

Currently AD implementation should be able to be configured to work with Azure AD. Or does Azure AD have some special things?

Daniel commented 3 weeks ago

Multiple search bases are needed in our case, because we have at the moment two trusted domains, which can not be merged into one domain. Users from both domains should access OneDev.

We will try with Azure AD and come back with the results to you! Thank you for your support!

Tobias commented 3 weeks ago

Hi, i am working with Daniel on this topic.

The integration using EntraID (formerly Azure AD) was partially successful. Without the "Groups Claim" option, the login works. If "groups" is entered in "Groups Claim", the following error message appears:

code: invalid_client, description: AADSTS650053: The application '' asked for scope 'groups' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor. Trace ID: Correlation ID: Timestamp: , http status code: 302

The EntraID settings were taken from another service, where the login and group assignment via "groups" works . Is there a way to see the connection and authentication requests in the server log?

Best regards

Daniel commented 2 weeks ago

@robin Have you an update on the above error with EntraID or a hint how to proceed further?

Thank you so much!

Robin Shen commented 2 weeks ago

@danolv I am investing this issues and will release a patch version for the fix.

Robin Shen changed state to 'Closed' 1 week ago
Previous Value Current Value
Open
Closed
Robin Shen commented 1 week ago

Please upgrade to build #4687 and define sso provider of type Microsoft Entra ID. It has an option to retrieve groups.

LDAP authenticator of this release also improved to accept multiple user search bases.

issue 1 of 1
Type
Question
Priority
Normal
Assignee
Labels
No labels
Issue Votes (0)
Watchers (4)
Reference
onedev/server#1719
Please wait...
Page is in error, reload to recover