Hi Alex,

Well, the good news is that OIDC is just a wrapper around OAuth2, so a lot of 
the same things apply either way.

But my experience using only OAuth2 for AuthN is pretty limited. Previously, 
I've reviewed how Keycloak integrates with OAuth2 endpoints for things like 
Facebook: 
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java

Sounds like you're making progress though.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-----Original Message-----
From: Alex Buckley <alexbuck...@catalyst.net.nz> 
Sent: Monday, 22 May 2023 3:23 PM
To: David Cook <dc...@prosentient.com.au>; 'koha-devel' 
<koha-devel@lists.koha-community.org>
Subject: Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

Hi David,

Ah that might be the problem! The client is using OAuth with Azure currently. 
We have indeed set up using OIDC with Azure before, but we haven't used OAuth 
before with any identity providers.

Thanks for raising that. Are you aware of what IdP OAuth should be used with?

Kind regards,

Alex


On 22/05/23 11:27, David Cook wrote:
> Hi Alex,
>
> Do you mean OAuth or OIDC? With Azure you'd want to be using OIDC which I 
> think you folk have set up before with Azure?
>
> When it comes to the URIs you register, you'll want to use a * wildcard at 
> the end of the OpacBaseURL, so that the users are able to login from any page 
> in the Koha OPAC.
>
> David Cook
> Senior Software Engineer
> Prosentient Systems
> Suite 7.03
> 6a Glen St
> Milsons Point NSW 2061
> Australia
>
> Office: 02 9212 0899
> Online: 02 8005 0595
>
> -----Original Message-----
> From: Koha-devel <koha-devel-boun...@lists.koha-community.org> On 
> Behalf Of Alex Buckley
> Sent: Monday, 22 May 2023 6:26 AM
> To: koha-devel <koha-devel@lists.koha-community.org>
> Subject: [Koha-devel] Azure configuration for OAuth authentication 
> with Koha
>
> Hi Koha community,
>
> If you have configured Koha OAuth authentication with Azure could you please 
> let me know what did you configure as the Redirect and Reply URIs in Azure?
>
> Context: We have a library (running Koha 22.11) that is trying to setup OAuth 
> authentication with Azure.
>
> They have configured the Koha end using the new Koha 'Administration' > 
> 'Identity provider' pages.
>
> When this library attempt a SSO login they get a 'AADSTS00113: No reply 
> address is registered for the application' Azure error - see attached.
>
> Should the Redirect and Reply URIs in Azure just be the Koha OpacBaseURL 
> (with https), or something else?
>
> Thanks so much,
>
> Alex
>
--
Alex Buckley
Koha Developer | Implementation Lead
Catalyst.Net Limited - Expert Open Source Solutions

Catalyst.Net Limited - a Catalyst IT group company

CONFIDENTIALITY NOTICE: This email is intended for the named recipients only. 
It may contain privileged, confidential or copyright information. If you are 
not the named recipient, any use, reliance upon, disclosure or copying of this 
email or its attachments is unauthorised. If you have received this email in 
error, please reply via email or call +64 4 499 2267.

_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : https://www.koha-community.org/
git : https://git.koha-community.org/
bugs : https://bugs.koha-community.org/

Reply via email to