Solved

Problem configuring OpenID

  • 4 February 2022
  • 42 replies
  • 1590 views

Badge +3
  • Steward *
  • 30 replies

Hello, I am contacting you about the use of OpenID Connect. I am looking for help to set it up: I do have the Client ID and client secret along with the Base URL, but I cannot log in via "connectWithOpenIdConnect". No message, only "504 Gateway Time-out".

Centreon 21.04.04 with 21.0.7 for the web.

I have logs in /var/log/centreon/login.log

Here is my configuration

*Screenshot deleted because of confidential information*


Best answer by Laurent 9 February 2022, 11:08


42 replies

Badge +3

Hi @Laurent

I just put /introspect
and deleted the browser cache.
Now I have the following error in /var/log/centreon/login.log

<image removed because contains company information>

Userlevel 6
Badge +18

In your MS Azure configuration, can you check which Centreon redirect URL is configured?

Userlevel 6
Badge +18

@idi from the latest picture you sent, I can see that the “User information” endpoint gives the “email” address.

Do you have a user in Centreon with a login equal to this email address?

Badge +3

@Laurent

<image removed because contains company information>

I confirm that the user is in Centreon with a login equal to this email address

Badge +3

and in the inspect page of the Centreon connection I have this as an error

Userlevel 6
Badge +18

Do you have errors in /var/log/php-fpm/centreon-error.log?

Badge +3

Hi @Laurent 

I did the test by modifying Email = Alias / Login (email address) and it works very well.
Now, to standardize my configuration, the AZURE team can't interpret the values you told me (“name”, “family_name”, “given_name”) in the claim (Azure).

Userlevel 6
Badge +18

Hi @idi, you can set only one claim value for login. If the email claim = Alias / Login in Centreon, it works.

To summarize:

  • Proxy configuration was missing in the Centreon configuration (“Administration > Parameters > Centreon UI” menu)
  • “Introspection Token Endpoint” is not mandatory for MS Azure
  • “Login claim value” from the OpenID Connect configuration must be equal to “Alias / Login” of contacts

Regards,

Badge +3

Hi @Laurent 

I asked the AZURE team to configure on their side a Login claim value equal to “Alias / Login”. They are looking at how to make the change, then I will test on my side.

Badge +3

Hi @Laurent 

here is the modification made by the AZURE team, and on the Centreon side I tested by putting in Login claim value a value: Alias/Login or email. It doesn't work. Please Laurent, do you have any idea what value should be put on the AZURE provider side? Regards,

Userlevel 6
Badge +18

@idi I don't understand why you changed the value returned from the IdP.

You must keep email, but be sure that the value returned with email is equal to the value defined for Alias / Login.

Badge +3

Hi @Laurent 

ok I just put email in the IdP.
How do I know what to put on the AZURE side? The system team does not help me much.
Moreover, I do not have control over the AZURE config.

<image removed because contains company information>

Regards,

Userlevel 6
Badge +18

On Azure, you must add a claim, whatever its name (preferred_username, user_name, email, etc.), but the content of this variable must correspond to the login of a user registered in Centreon.

Centreon must be able to recognize a user who has authenticated on Azure.
Either you use the user's name or his email address, but there must be a match.

So the name of the claim is not important (just define it in the Centreon OIDC configuration); the value of this claim is really important to match users.

Badge +3

Hi @Laurent 

First of all, thank you again for your help and your availability.
I have just spent almost 4 hours with the system team on this; we tested several values in order to find the one that returns "login", but unfortunately none of them worked.
The only one that works is email, by modifying in Centreon the content of "Alias / Login" to firstname_lastname; then I can connect fine.
I think I will stop the research for the moment, because the system team asks me to contact Centreon support in order to know what exact value to put on Azure in order to retrieve the (Centreon) login of the users. FYI, I have already configured it on LemonLDAP in another project.

Regards,

Userlevel 6
Badge +18

@idi I think there is a misunderstanding; I will answer with an example configuration.

I want to allow John Doe to access the Centreon UI using an Identity Provider.

In Centreon, I have this configuration for my user:

Here the login of John Doe is jdoe.

To authenticate users with MS Azure, I configured Centreon like this:

So here I am waiting for MS Azure to add a claim whose name is login.

In Microsoft Azure, I added an additional claim like:

So MS Azure will send to Centreon the login variable (claim) and Centreon will extract the jdoe value.

Because the jdoe value exists for a user, John Doe will be connected.

I hope this answer will be more understandable.

In the MS Azure configuration I put user.samaccountname, but you need to define the correct Azure property which will send the jdoe value in our example.
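
As an added illustration (not Centreon's code and not part of this thread), the following Python sketch encodes the matching rule stated in the summary above and in this example: the name of the login claim is whatever you configure in Centreon, but its value must equal the contact's Alias / Login. The userinfo responses and the contact list are constructed sample data, and exact string comparison is an assumption made for the illustration; Centreon's real matching logic may differ. It also shows the two failure modes seen in the thread: the claim is absent from the userinfo response, or it is present but carries a value (such as an email address) that is not any contact's login.

```python
"""Added example: matching an OpenID Connect login claim to a local contact.

This is not Centreon code. The userinfo responses and the contact list below
are constructed sample data; exact string comparison of the claim value with
the contact's Alias / Login is an assumption made for illustration.
"""
import json
from typing import Optional

# Constructed sample of a "User information" endpoint response. Claim names
# follow standard OIDC names; the values are invented.
USERINFO_EMAIL_ONLY = json.dumps({
    "sub": "00000000-0000-0000-0000-000000000001",
    "email": "john.doe@example.com",
    "given_name": "jdoe",
    "family_name": "Doe",
    "name": "John Doe",
})

# The same response after the IdP was configured to add a custom "login"
# claim, as in the example configuration in the thread (also constructed).
USERINFO_WITH_LOGIN = json.dumps({
    "sub": "00000000-0000-0000-0000-000000000001",
    "email": "john.doe@example.com",
    "given_name": "jdoe",
    "login": "jdoe",
})

# Constructed local contacts as they might look after an LDAP sync:
# "alias" stands for the Alias / Login field.
CONTACTS = [
    {"alias": "jdoe", "email": "john.doe@example.com"},
    {"alias": "asmith", "email": "alice.smith@example.com"},
]


class ClaimMissing(LookupError):
    """The configured login claim is absent from the userinfo response."""


def extract_login(userinfo_json: str, login_claim: str) -> str:
    """Return the value of the configured login claim.

    Raises ClaimMissing when the IdP did not send that claim (the situation
    in the thread where "login" was not present in the userinfo return).
    """
    claims = json.loads(userinfo_json)
    value = claims.get(login_claim)
    if value is None or value == "":
        raise ClaimMissing(
            f"claim {login_claim!r} not in userinfo; available claims: "
            f"{sorted(claims)}"
        )
    return str(value)


def resolve_contact(userinfo_json: str, login_claim: str,
                    contacts=CONTACTS) -> Optional[dict]:
    """Map an authenticated IdP user to a local contact.

    The claim *name* is free (login, email, given_name, ...); only its
    *value* matters, and here it must equal a contact's alias exactly.
    Returns None when the user authenticated at the IdP but no contact
    matches, which is how a successful IdP login still ends in an error.
    """
    login = extract_login(userinfo_json, login_claim)
    for contact in contacts:
        if contact["alias"] == login:
            return contact
    return None


def diagnose(userinfo_json: str, login_claim: str, contacts=CONTACTS) -> str:
    """Human-readable verdict for troubleshooting a login-claim setup."""
    try:
        login = extract_login(userinfo_json, login_claim)
    except ClaimMissing as exc:
        return f"claim-missing: {exc}"
    if resolve_contact(userinfo_json, login_claim, contacts) is None:
        return f"no-contact: {login!r} is not any contact's Alias / Login"
    return f"ok: matched contact {login!r}"


if __name__ == "__main__":
    # Claim "login" absent from the response: first failure mode in the thread.
    print(diagnose(USERINFO_EMAIL_ONLY, "login"))
    # Claim present, but its value (an email) is not the Alias / Login.
    print(diagnose(USERINFO_EMAIL_ONLY, "email"))
    # Any claim whose value equals the Alias / Login works, whatever its name.
    print(diagnose(USERINFO_EMAIL_ONLY, "given_name"))
    print(diagnose(USERINFO_WITH_LOGIN, "login"))
```

Running the script prints one verdict per scenario; the `diagnose` output is what you would want to see in a login log when troubleshooting, since it tells you which claims the IdP actually sent and whether the chosen one matched a contact.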

Badge +3

Hi @Laurent 

I confirm that I understood your explanation correctly, and thank you again; unfortunately it still hangs with the same error message.

<image removed because contains company information>

Here is the configuration proposed, and it does not work.

I should also point out that I have to put the value /introspect, otherwise nothing happens from the HMI.

They can't put the following value:

On the pretext, on the system side, that they are not fully on AZURE but synchronized between on-premise and AZURE.

This is how the Centreon-side user registration looks after LDAP synchronization.

<image removed because contains company information>

Userlevel 6
Badge +18

Hi @idi, “login” is not present in the user information endpoint return.

If you use LDAP, I see that the login looks like “given_name” from the user information endpoint return.

Maybe use “given_name” in the OpenID Connect configuration for the “Login claim value” field.

Regards,
