SSO with SAML & Azure Entra ID

Hello,

Do you have some logs into /var/log/centreon/login.log and/or /var/log/centreon/centreon-web.log ?

Hi Jérémy,

I have activated the authentication debug and I have found this error message in centreon-web.log:

[2023-11-21T11:56:13-0500] [ERROR] [Core\Security\Authentication\Application\UseCase\Login\Login:168]: An error occurred during authentication {"trace":"Core\\Security\\Authentication\\Infrastructure\\Provider\\Exception\\SAML\\ProcessAuthenticationResponseException: Invalid metadata, the validation failed in /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/Exception/SAML/ProcessAuthenticationResponseException.php:30\nStack trace:\n#0 /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/SAML.php(124): Core\\Security\\Authentication\\Infrastructure\\Provider\\Exception\\SAML\\ProcessAuthenticationResponseException::create()\n#1 /usr/share/centreon/src/Core/Security/Authentication/Application/UseCase/Login/Login.php(99): Core\\Security\\Authentication\\Infrastructure\\Provider\\SAML->authenticateOrFail()\n#2 /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Api/Login/SAML/CallbackController.php(56): Core\\Security\\Authentication\\Application\\UseCase\\Login\\Login->__invoke()\n#3 /usr/share/centreon/vendor/symfony/http-kernel/HttpKernel.php(163): Core\\Security\\Authentication\\Infrastructure\\Api\\Login\\SAML\\CallbackController->__invoke()\n#4 /usr/share/centreon/vendor/symfony/http-kernel/HttpKernel.php(75): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw()\n#5 /usr/share/centreon/vendor/symfony/http-kernel/Kernel.php(202): Symfony\\Component\\HttpKernel\\HttpKernel->handle()\n#6 /usr/share/centreon/api/index.php(47): Symfony\\Component\\HttpKernel\\Kernel->handle()\n#7 {main}"}

 

in login.log :

2023-11-21 11:56:13|-1|0|0|[saml] [INFO] authenticate the user through SAML []

Hi,

I am wondering if I need to change something in /etc/httpd/conf.d/10-centreon.conf (as it as to be done for web sso) ...

The URL below are not responding well and I am not sure if it is normal.

https://*.*.com/centreon/api/latest/saml/acs

https://*.*.com/centreon/api/latest/saml/sls

I can compare to another app also configured with Azure Entra as an IdP and the ACS URL is responding well.

I am referring to this doc Configuring connection via SAML | Centreon Documentation

Sylvain

Hello @slvndp 

I have exactly the same issue. Have you found the solution?
Thanks

Bonjour Arthur,

Unfortunately no solution found so far..

Sylvain

Bonjour à tous,

Same, same on my setup.
Very annoying to secure our centreon

Any help from centreon team, please @Jérémy Jaouen , @Laurent 

Merci d’avance

Hi @martin , @slvndp , @Arthur which version of Centreon and which version of Azure Entra ID?

Hello @Laurent,
For me centreon 23.10.10, Azure Entra ID has no version with the SaaS.
Thanks

hello do you have update please ?, me too i have same error

thank you in advance

and we need passwordless

[2024-05-31T17:24:37+0200] [ERROR] [Core\Security\Authentication\Application\UseCase\Login\Login:166]: An error occurred during authentication {"trace":"Core\\Security\\Authentication\\Infrastructure\\Provider\\Exception\\SAML\\ProcessAuthenticationResponseException: Invalid metadata, the validation failed in /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/Exception/SAML/ProcessAuthenticationResponseException.php:30\nStack trace:\n#0 /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Provider/SAML.php(124): Core\\Security\\Authentication\\Infrastructure\\Provider\\Exception\\SAML\\ProcessAuthenticationResponseException::create()\n#1 /usr/share/centreon/src/Core/Security/Authentication/Application/UseCase/Login/Login.php(97): Core\\Security\\Authentication\\Infrastructure\\Provider\\SAML->authenticateOrFail()\n#2 /usr/share/centreon/src/Core/Security/Authentication/Infrastructure/Api/Login/SAML/CallbackController.php(56): Core\\Security\\Authentication\\Application\\UseCase\\Login\\Login->__invoke()\n#3 /usr/share/centreon/vendor/symfony/http-kernel/HttpKernel.php(181): Core\\Security\\Authentication\\Infrastructure\\Api\\Login\\SAML\\CallbackController->__invoke()\n#4 /usr/share/centreon/vendor/symfony/http-kernel/HttpKernel.php(76): Symfony\\Component\\HttpKernel\\HttpKernel->handleRaw()\n#5 /usr/share/centreon/vendor/symfony/http-kernel/Kernel.php(197): Symfony\\Component\\HttpKernel\\HttpKernel->handle()\n#6 /usr/share/centreon/api/index.php(47): Symfony\\Component\\HttpKernel\\Kernel->handle()\n#7 {main}"}
 

i have this result

 l'application SAML a demandé aux utilisateurs de s'authentifier avec « Mot de passe, ProtectedTransport ». Il est spécifié RequestedAuthnContext qui est une valeur dans la requête SAML envoyée depuis l'application SAML vers Azure AD. Comme la méthode d'authentification ne correspond pas, Azure AD génère une erreur avant d'envoyer la réponse SAML.

si cela peut t’aider : 

Hello everyone, 
Did you found any solutions ? 
I hope so. Thanks by advance. 

​@Cismerkus 

Configuration SAML v2 avec Entra ID (Azure AD) - Centreon 24.10 - Debian 12 | Community