Probléme configuration openid

Hi @idi can you ty to update to Centreon 21.04.10 and test agin?

Regards,

Hi @Laurent  

For the moment my manager does not wish to make a version upgrade.to upgrade just for the web? is possibly?

Regards,

Yes you can only update centreon-web and all dependencies using:

yum update centreon-web

Regards,

Hello @Laurent 

I have just updated the centreon-web to 21.04.10, I have this error now :
2022-02-07 12:18:08|-1|0|0|[OpenId] [Error] Unable to get Token Access Information: RestNotFoundException, message: Page not found
2022-02-07 12:18:08|-1|0|0|[OpenId] [Error] Unable to get login from claim: email

Regards,

Thanks to anyone who has an idea ;)

Hello @Laurent une idée svp

Hi @idi , the error message says: “message: Page not found”

It means that the Centreon central server can’t access to the /token endpoint.

Can you try to make a curl on this endpoint? 

Hi @Laurent 

indeed the curl does not respond

[root@br-hop-po15 ~]$curl https://login.microsoftonline.com/85eca096-674d-4fd9-9a9e-ae1178e2ee56/oauth2/v2.0/token

I think I have to configure my proxy to go out?

Yes if you need a proxy, you have to configure it into Centreon using “Administration > Parameters > Centreon UI” menu.

To test in CLI you need to use:

export http_proxy=http://myproxy:port
export https_proxy=https://myproxy:port

*Screenshot deleted because of confidential information*

Hi @Laurent 

I configured the proxy “Administration > Parameters > Centreon UI” menu.
unfortunately always errors

Ok now Centreon receive the token of the connected user on your IDP but Centreon can’t get additional information (token introspection endpoint).

Our documentation describes as examples:

• Introspection Token Endpoint => /introspect
• User Information Endpoint => https://graph.microsoft.com/oidc/userinfo

Can you check your configuration?

Hi @Laurent 

I confirm that I have the same conf as what you told me. unfortunately always errors

*Screenshot deleted because of confidential information*

CONF side AZURE

@idi can you check with Microsoft if you need to use another endpoints?

We performed tests 3 months ago with this configuration and every was OK, may be they change their configuration.

But the good news is now Centreon passed 2 firsts steps:

• Authentication to Microsoft IDP
• Get authenticated user token

Only last two steps are missing

Hi @Laurent 

I don't know from whom? I will look at the microsoft docs.
Honestly, I've been struggling for 10 days to activate openid.Thanks again for your time,

@idi by exporting the proxy in a shell term, try to make curl on “Introspection Token Endpoint” as well as “User Information Endpoint”.

Regards,

Hi @Laurent 

after exporting the proxy
[root@br-hop-po15 ~]$curl https://login.microsoftonline.com/85eca096-674d-4fd9-9a9e-ae1178e2ee56/oauth2/v2.0/introspect

[root@br-hop-po15 ~]$curl https://graph.microsoft.com/oidc/userinfo
curl: (56) Received HTTP code 407 from proxy after CONNECT

Can you try by deleting “/introspect” endpoint (keep empty)?

Hi @Laurent   

after adding microsoft.com in my proxy whitelist it works again

[root@br-hop-po15 ~] /var/log/centreon]$ curl https://graph.microsoft.com/oidc/userinfo
{"error":{"code":"InvalidAuthenticationToken","message":"Access token is empty.","innerError":{"date":"2022-02-08T14:54:43","request-id":"8c49f075-2dd3-48d3-8223-48c73a7ef963","client-request-id":"8c49f075-2dd3-48d3-8223

tout ça comme endpoint: coté équipe AZURE

*Screenshot deleted because of confidential information*

@idi so everything is working now?

Can you try by deleting “/introspect” endpoint (keep empty)?

already tested nothing happens when I click on

Can you give me complete error log trace (/var/log/centreon/login.log) when you click on button?

deleting “/introspect” 

no trace in the logs /var/log/centreon/login.log