Question

OpenId connect + AAD - Proxy settings

  • 20 April 2023

Badge +4

Hello,
I am implementing Centreon OpenID Connect with Azure AD, and I have an error “could not resolve host login.microsoftonline.com”.

The central server does not have direct access to the internet; the flows are proxied. How do I configure OpenID Connect so that it uses my proxy?

 

Thanks all


3 replies

Badge +2

Hello Patrick,

We have started configuring centralized authentication with Azure AD, and we also have a server that requires going through a proxy to access the internet.
I have done some research in the Centreon code and discovered that OpenID authentication does not use the Centreon UI Proxy configuration (found in the Administration > Centreon UI menu).
I have opened a support ticket to learn more about this.

In the meantime, I have found an alternative to force the use of a proxy for OpenID authentication (by hardcoding it in the code).
I want to mention that I am using version 22.10 and making the modification on a central server:

1. I open the file: /usr/share/centreon/src/Core/Security/Authentication/Domain/Provider/OpenIdProvider.php
2. I search for all occurrences that make an HTTP request: $this->client->request( in the file.
3. I add the "proxy" parameter with the value "http://proxy_hostname:proxy_port".
4. I make the modification for all the HTTP calls in the file (I believe there are 5 occurrences).

Here's an example of the first occurrence in the file:

$response = $this->client->request(
    'POST',
    $customConfiguration->getBaseUrl() . '/'
    . ltrim($customConfiguration->getIntrospectionTokenEndpoint(), '/'),
    [
        'headers' => $headers,
        'body' => $data,
        'verify_peer' => $customConfiguration->verifyPeer(),
        'proxy' => 'http://proxy_hostname:proxy_port'
    ]
);

The 'proxy' line has been added. Don't forget to add a comma at the end of the previous line before the addition.

Please note that you should not make these modifications if you are unsure about what changes to make. It could break authentication on the web interface. I would not recommend making these modifications unless you have advanced knowledge.

I will post a message in response to Centreon's reply for archival purposes.

Lanxor.
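A way to confirm that every HTTP call in the file carries the option after the edit described in the post above, as an added example that is not part of the original post or of Centreon's code: the script lists each `$this->client->request(` call that has no 'proxy' key. The embedded PHP sample is constructed; pass the path to OpenIdProvider.php as the first argument to check the real file.

```python
import re
import sys

CALL = "$this->client->request("

# Constructed sample standing in for OpenIdProvider.php (not the real file).
SAMPLE = r"""<?php
$response = $this->client->request(
    'POST',
    $customConfiguration->getBaseUrl() . '/' . ltrim($endpoint, '/'),
    ['headers' => $headers, 'proxy' => 'http://proxy_hostname:proxy_port']
);
$response = $this->client->request(
    'GET',
    $url,
    ['headers' => $headers, 'verify_peer' => $customConfiguration->verifyPeer()]
);
"""

def find_calls(source):
    """Return (line_number, call_text) for every client->request(...) call."""
    calls = []
    pos = source.find(CALL)
    while pos != -1:
        depth, i, quote = 1, pos + len(CALL), None
        while i < len(source) and depth:
            ch = source[i]
            if quote:
                if ch == "\\":
                    i += 1              # skip the escaped character
                elif ch == quote:
                    quote = None        # end of string literal
            elif ch in "'\"":
                quote = ch              # parentheses inside strings are ignored
            elif ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            i += 1
        calls.append((source.count("\n", 0, pos) + 1, source[pos:i]))
        pos = source.find(CALL, i)
    return calls

def unproxied(source):
    """Line numbers of request() calls whose options lack a 'proxy' key."""
    return [line for line, text in find_calls(source)
            if not re.search(r"""['"]proxy['"]\s*=>""", text)]

if __name__ == "__main__":
    src = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    missing = unproxied(src)
    print(f"{len(find_calls(src))} request() calls; no 'proxy' option at lines {missing}")
    sys.exit(1 if missing else 0)
```

A non-zero exit status means at least one call would still try to reach the identity provider directly.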

Badge +2

Oh, I just found the following post that addresses my current issue:

I will test the Apache configuration to see if it works.

Badge +4

Hello Lanxor.
Thank you for your detailed help. Modifying the 10-centreon.conf file under /opt/rh/httpd24/root/etc/httpd/conf.d/ solved the authentication problem via OpenID to AAD.
Modifying the file you mentioned requires a thorough knowledge of the code, which I don't have.
Thank you for your help.
