Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

2023-05-24 Thread Alex Buckley

Hi David,

Ahh, yes I see. Thanks very much for that information, it has been very 
helpful!


Kind regards,

Alex


On 23/05/23 11:44, David Cook wrote:

Hi Alex,

Well, the good news is that OIDC is just a wrapper around OAuth2, so a lot of 
the same things apply either way.

But my experience using only OAuth2 for AuthN is pretty limited. Previously, 
I've reviewed how Keycloak integrates with OAuth2 endpoints for things like 
Facebook: 
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java

Sounds like you're making progress though.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-Original Message-
From: Alex Buckley 
Sent: Monday, 22 May 2023 3:23 PM
To: David Cook ; 'koha-devel' 

Subject: Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

Hi David,

Ah that might be the problem! The client is using OAuth with Azure currently. 
We have indeed set up using OIDC with Azure before, but we haven't used OAuth 
before with any identity providers.

Thanks for raising that. Are you aware of what IdP OAuth should be used with?

Kind regards,

Alex


On 22/05/23 11:27, David Cook wrote:

Hi Alex,

Do you mean OAuth or OIDC? With Azure you'd want to be using OIDC which I think 
you folk have set up before with Azure?

When it comes to the URIs you register, you'll want to use a * wildcard at the 
end of the OpacBaseURL, so that the users are able to log in from any page in 
the Koha OPAC.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-Original Message-
From: Koha-devel  On
Behalf Of Alex Buckley
Sent: Monday, 22 May 2023 6:26 AM
To: koha-devel 
Subject: [Koha-devel] Azure configuration for OAuth authentication
with Koha

Hi Koha community,

If you have configured Koha OAuth authentication with Azure could you please 
let me know what you configured as the Redirect and Reply URIs in Azure?

Context: We have a library (running Koha 22.11) that is trying to set up OAuth 
authentication with Azure.

They have configured the Koha end using the new Koha 'Administration' > 
'Identity provider' pages.

When this library attempts an SSO login they get an 'AADSTS00113: No reply address 
is registered for the application' Azure error - see attached.

Should the Redirect and Reply URIs in Azure just be the Koha OpacBaseURL (with 
https), or something else?

Thanks so much,

Alex


--
Alex Buckley
Koha Developer | Implementation Lead
Catalyst.Net Limited - Expert Open Source Solutions

Catalyst.Net Limited - a Catalyst IT group company

CONFIDENTIALITY NOTICE: This email is intended for the named recipients only. 
It may contain privileged, confidential or copyright information. If you are 
not the named recipient, any use, reliance upon, disclosure or copying of this 
email or its attachments is unauthorised. If you have received this email in 
error, please reply via email or call +64 4 499 2267.



___
Koha-devel mailing list
Koha-devel@lists.koha-community.org
https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : https://www.koha-community.org/
git : https://git.koha-community.org/
bugs : https://bugs.koha-community.org/


Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

2023-05-22 Thread David Cook
Hi Alex,

Well, the good news is that OIDC is just a wrapper around OAuth2, so a lot of 
the same things apply either way.

But my experience using only OAuth2 for AuthN is pretty limited. Previously, 
I've reviewed how Keycloak integrates with OAuth2 endpoints for things like 
Facebook: 
https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java

Sounds like you're making progress though.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-Original Message-
From: Alex Buckley  
Sent: Monday, 22 May 2023 3:23 PM
To: David Cook ; 'koha-devel' 

Subject: Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

Hi David,

Ah that might be the problem! The client is using OAuth with Azure currently. 
We have indeed set up using OIDC with Azure before, but we haven't used OAuth 
before with any identity providers.

Thanks for raising that. Are you aware of what IdP OAuth should be used with?

Kind regards,

Alex


On 22/05/23 11:27, David Cook wrote:
> Hi Alex,
>
> Do you mean OAuth or OIDC? With Azure you'd want to be using OIDC which I 
> think you folk have set up before with Azure?
>
> When it comes to the URIs you register, you'll want to use a * wildcard at 
> the end of the OpacBaseURL, so that the users are able to log in from any page 
> in the Koha OPAC.
>
> David Cook
> Senior Software Engineer
> Prosentient Systems
> Suite 7.03
> 6a Glen St
> Milsons Point NSW 2061
> Australia
>
> Office: 02 9212 0899
> Online: 02 8005 0595
>
> -Original Message-
> From: Koha-devel  On 
> Behalf Of Alex Buckley
> Sent: Monday, 22 May 2023 6:26 AM
> To: koha-devel 
> Subject: [Koha-devel] Azure configuration for OAuth authentication 
> with Koha
>
> Hi Koha community,
>
> If you have configured Koha OAuth authentication with Azure could you please 
> let me know what you configured as the Redirect and Reply URIs in Azure?
>
> Context: We have a library (running Koha 22.11) that is trying to set up OAuth 
> authentication with Azure.
>
> They have configured the Koha end using the new Koha 'Administration' > 
> 'Identity provider' pages.
>
> When this library attempts an SSO login they get an 'AADSTS00113: No reply 
> address is registered for the application' Azure error - see attached.
>
> Should the Redirect and Reply URIs in Azure just be the Koha OpacBaseURL 
> (with https), or something else?
>
> Thanks so much,
>
> Alex
>



Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

2023-05-21 Thread Alex Buckley

Hi David,

Ah that might be the problem! The client is using OAuth with Azure 
currently. We have indeed set up using OIDC with Azure before, but we 
haven't used OAuth before with any identity providers.


Thanks for raising that. Are you aware of what IdP OAuth should be used 
with?


Kind regards,

Alex


On 22/05/23 11:27, David Cook wrote:

Hi Alex,

Do you mean OAuth or OIDC? With Azure you'd want to be using OIDC which I think 
you folk have set up before with Azure?

When it comes to the URIs you register, you'll want to use a * wildcard at the 
end of the OpacBaseURL, so that the users are able to log in from any page in 
the Koha OPAC.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-Original Message-
From: Koha-devel  On Behalf Of 
Alex Buckley
Sent: Monday, 22 May 2023 6:26 AM
To: koha-devel 
Subject: [Koha-devel] Azure configuration for OAuth authentication with Koha

Hi Koha community,

If you have configured Koha OAuth authentication with Azure could you please 
let me know what you configured as the Redirect and Reply URIs in Azure?

Context: We have a library (running Koha 22.11) that is trying to set up OAuth 
authentication with Azure.

They have configured the Koha end using the new Koha 'Administration' > 
'Identity provider' pages.

When this library attempts an SSO login they get an 'AADSTS00113: No reply address 
is registered for the application' Azure error - see attached.

Should the Redirect and Reply URIs in Azure just be the Koha OpacBaseURL (with 
https), or something else?

Thanks so much,

Alex





Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

2023-05-21 Thread David Cook
Hi Alex,

Do you mean OAuth or OIDC? With Azure you'd want to be using OIDC which I think 
you folk have set up before with Azure?

When it comes to the URIs you register, you'll want to use a * wildcard at the 
end of the OpacBaseURL, so that the users are able to log in from any page in 
the Koha OPAC.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-Original Message-
From: Koha-devel  On Behalf Of 
Alex Buckley
Sent: Monday, 22 May 2023 6:26 AM
To: koha-devel 
Subject: [Koha-devel] Azure configuration for OAuth authentication with Koha

Hi Koha community,

If you have configured Koha OAuth authentication with Azure could you please 
let me know what you configured as the Redirect and Reply URIs in Azure?

Context: We have a library (running Koha 22.11) that is trying to set up OAuth 
authentication with Azure.

They have configured the Koha end using the new Koha 'Administration' > 
'Identity provider' pages.

When this library attempts an SSO login they get an 'AADSTS00113: No reply address 
is registered for the application' Azure error - see attached.

Should the Redirect and Reply URIs in Azure just be the Koha OpacBaseURL (with 
https), or something else?

Thanks so much,

Alex
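
Added example, not part of the thread and not Koha or Azure code: a small check that pulls the redirect_uri out of an authorization request and compares it with a list of registered reply URLs, showing why the bare OpacBaseURL, an exact callback URL, and a trailing * wildcard behave differently. The host names, the callback path and the trailing-* prefix rule are assumptions made for illustration; read the real redirect_uri from the request your Koha instance sends.

```python
from urllib.parse import urlsplit, parse_qs

def requested_redirect_uri(authorize_url):
    """Return the decoded redirect_uri parameter of an authorization request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    return values[0] if values else None

def wildcard_spans_host(pattern):
    """True if the '*' sits before any path '/', so other hosts also match."""
    if "*" not in pattern:
        return False
    authority = pattern.split("*", 1)[0].split("://", 1)[-1]
    return "/" not in authority

def matches(uri, pattern):
    """Exact comparison, or prefix comparison for a trailing '*' (assumed rule)."""
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern

def check(authorize_url, registered):
    """Classify the request's redirect_uri against the registered reply URLs."""
    uri = requested_redirect_uri(authorize_url)
    if uri is None:
        return "missing"
    hits = [p for p in registered if matches(uri, p)]
    if not hits:
        return "unregistered"          # the situation behind a "no reply address" error
    if any("*" not in p for p in hits):
        return "exact"
    if any(not wildcard_spans_host(p) for p in hits):
        return "wildcard"              # wildcard confined to the path
    return "wildcard-spans-host"       # wildcard also accepts look-alike hosts

# Constructed sample request; host, client_id and callback path are placeholders.
SAMPLE = ("https://login.example.test/authorize?client_id=placeholder"
          "&response_type=code"
          "&redirect_uri=https%3A%2F%2Fopac.example.org%2Fsso%2Fcallback")

if __name__ == "__main__":
    for reg in (["https://opac.example.org"],
                ["https://opac.example.org/sso/callback"],
                ["https://opac.example.org/*"],
                ["https://opac.example.org*"]):
        print(reg, "->", check(SAMPLE, reg))
```

A result of "wildcard-spans-host" means the registered pattern has no "/" between the host and the "*", so the entry should be rewritten with the slash or replaced by the exact callback URL.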
