How To Configure AzureAD with Centreon

  • 3 August 2022


In this article, we will describe how to configure AzureAD with Centreon.

AzureAD is one of the most common identity providers nowadays, and through OpenID Connect, you are able to connect to Centreon from your AD.

This is a short step-by-step tutorial to create an AzureAD application, configure it, and configure your Centreon OpenID Connect authentication.

 

Configure your application in Azure AD

 

First of all, go to your Azure portal. You should see a banner with a list of Azure applications:

  • Click on Azure Active Directory.

 

  • On your main dashboard, click on Enterprise applications.
  • Then click on New Application. Provide all the information needed to create your application.

 

For the purpose of this tutorial, I have created a new application named "centreon-delegated-authentication".

On the main dashboard of your application, you will find two pieces of information that are mandatory to configure AzureAD in Centreon:

1: Your Tenant ID
2: Your Client ID

We will see later when and how to use those IDs.

 

  • Click on Authentication in the left menu.
  • Click on the Add a Platform button.
  • Click on Web.
  • To configure your authentication, you will need to provide a redirect URI.

 

The format should be <scheme>://<your_domain_name>/centreon/authentication/providers/configurations/openid

⚠️ If your Centreon platform is NOT on localhost, the scheme MUST BE https.

If your Centreon platform is not served over HTTPS, be sure to follow the documentation before going further in this tutorial:
https://docs.centreon.com/docs/administration/secure-platform/#enable-https-on-the-web-server

  • On the menu "Implicit grant and hybrid flows", be sure to choose only ID Tokens.

Now our application is configured. We still need to create a secret key to be able to configure it in Centreon.

  • Click on Certificates & Secrets > Client secrets > New client secret
  • Be sure to copy the value (3) of your secret key, as it is only available at creation. Afterwards, you will not be able to see this value anymore.

 

Now log in to Centreon and go to the new menu Authentication > OPENID CONNECT CONFIGURATION.

Configure it as follows:

- Enable OpenID Connect authentication

- Authentication mode: as you wish

- Base URL : https://login.microsoftonline.com/<your_tenant_id>/oauth2/v2.0

- Authorization Endpoint: /authorize
- Token Endpoint: /token
- Client ID: <your_client_id>
- Client Secret: <your_client_secret>
- Scopes: openid offline_access (offline_access is not mandatory but highly recommended, as this scope provides a refresh token)
- Login claim value: email
- User information endpoint: https://graph.microsoft.com/oidc/userinfo

Your configuration should look like this:

When you are sure all the information is correct, save the form.
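As an added example (not part of the original tutorial and not Centreon's code), this Python pre-flight check applies the rules above to the values before you save the form: the redirect URI format and https rule, then the base URL, endpoints and scopes. The function names, the sample tenant GUID and the host name are made up, and treating any string difference between the two redirect URIs as a mismatch is an assumption of the example.

```python
from urllib.parse import urlsplit
# Path and Azure host come from the tutorial; function names are illustrative.
REDIRECT_PATH = "/centreon/authentication/providers/configurations/openid"
AZURE_HOST = "login.microsoftonline.com"
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def check_redirect_uri(uri):
    """Return the problems found in a redirect URI (empty list means OK)."""
    u, problems = urlsplit(uri), []
    if not u.hostname:
        problems.append("no host in redirect URI")
    elif u.scheme == "http" and u.hostname not in LOCAL_HOSTS:
        problems.append("scheme must be https unless the host is localhost")
    elif u.scheme not in ("http", "https"):
        problems.append("scheme must be http or https")
    if u.path != REDIRECT_PATH:
        problems.append("path must be exactly " + REDIRECT_PATH)
    return problems

def check_form(form, azure_redirect_uri, centreon_redirect_uri):
    """Check the OpenID Connect form values against the tutorial's settings."""
    problems = check_redirect_uri(centreon_redirect_uri)
    # Assumption: any difference (even a trailing slash) is a mismatch.
    if azure_redirect_uri != centreon_redirect_uri:
        problems.append("redirect URI registered in Azure differs from Centreon's")
    base = urlsplit(form["base_url"])
    segments = base.path.strip("/").split("/")
    if base.scheme != "https" or base.hostname != AZURE_HOST:
        problems.append("base URL must be https://" + AZURE_HOST + "/...")
    if segments[1:] != ["oauth2", "v2.0"]:
        problems.append("base URL must end with /<tenant>/oauth2/v2.0")
    elif any(c in segments[0] for c in "<>*"):
        problems.append("tenant ID placeholder was not replaced")
    if (form["authorization_endpoint"], form["token_endpoint"]) != ("/authorize", "/token"):
        problems.append("endpoints must be /authorize and /token")
    if "openid" not in form["scopes"].split():
        problems.append("scope 'openid' is mandatory")
    return problems

# Constructed sample values: the tenant GUID and host name are made up.
FORM = {
    "base_url": "https://" + AZURE_HOST + "/00000000-0000-0000-0000-000000000000/oauth2/v2.0",
    "authorization_endpoint": "/authorize", "token_endpoint": "/token",
    "scopes": "openid offline_access",
}
GOOD_URI = "https://centreon.example.com" + REDIRECT_PATH

if __name__ == "__main__":
    print(check_form(FORM, GOOD_URI + "/", GOOD_URI))
```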

 

Centreon does not yet handle the automatic import of users from AzureAD. You will need to create your users in Centreon before they are able to connect.

Once your users are created, you will see a new button, Login with OpenID, when reaching the login page.

 

When you click on it, you will be redirected to your Azure AD authentication. If your authentication is successful and your user has been created in Centreon, you will be logged in to Centreon!

 

Congratulations \o/ !


5 replies

Badge +6

Hello,

Thanks for the tutorial

Question: where should we configure the URL redirect on Centreon 22.04.7, please?

because on the AZURE side, I have configured the same url that you shared

and I have the following error

  • To configure your Authentication you will need to provide a redirect uri.???

 

The format should be <scheme>://<your_domain_name>/centreon/authentication/providers/configurations/openid

 

Thanks in advance

Userlevel 2
Badge +2

Hello, you have to go to Authentication Menu > Add a Platform > Then on the right-side panel you can click on Web, then here you will be able to configure your URL redirect.

According to your message, your redirect URI is correctly formatted on the Centreon side but doesn’t match the URL redirect in your Azure AD application.

Badge

Hello,

Thanks for your tutorial.

I followed all the steps, but I have an error after AzureAD login. It seems that the token URL is unreachable (it isn’t when I type it in my browser).

Do you have any idea of where the issue may come from?

Kind regards

Badge +6

Hello @samaga777 

you have to try this url in Identity provider

https://login.microsoftonline.com/*****************************/oauth2/v2.0

 

 

 

Badge

Hello, I found a way to make it work.

What I didn’t mention is that this server works behind a corporate proxy. The connection towards the “/token” endpoint is made by the webserver (I always thought that this connection was made by the end-user 🤔).

Problem is that even by adding the proxy in “ui settings” or as an environment variable ($http_proxy), the proxy is ignored.

So I manually added the proxy as a cURL option directly in this file:

/usr/share/centreon/src/Core/Security/Authentication/Domain/Provider/OpenIdProvider.php

Now the token url is available and the oidc connection can happen 👍

If someone knows a “proper” method, I’m happy to learn
