[Koha-bugs] [Bug 28420] New: Allow login via AzureAD OpenID-Connect

bugzilla-daemon at bugs.koha-community.org
Fri May 21 17:49:56 CEST 2021


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28420

            Bug ID: 28420
           Summary: Allow login via AzureAD OpenID-Connect
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: mark.jaroski at gmail.com
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

Hi,

At the World Health Organization our South-East Asian regional office uses Koha
for their regional library, with access by all WHO staff in the region and
selected staff worldwide.

Since local user databases can present a security risk we require that all
applications for staff be integrated with our identity provider which at the
moment is Microsoft's AzureAD. 

AzureAD uses OpenID-Connect and is mostly drop-in compatible with Google's
implementation, with the exception that in order to construct the URLs both for
redirection and for validation you need to know the organization's Azure tenant
ID.

Because our system integrator is not interested in pursuing this integration
I've taken it on myself, and so I've set up a development environment and have
started working on the code. My plan is to set up the configuration parameters
and to then use them in a very slightly altered copy of the current
googleopenidconnect file.

I think in the long run it would be better to have a generic OpenID-Connect
configuration to allow integrations with other providers like Okta and
OneLogin, but we don't need that for the moment, so for now I'll just add the
AzureAD provider. I'll read up on the rest of the contribution procedure, and
I'll be back with a patch/PR in a few days.

Best,

Mark
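
The tenant dependence described in the report, as an added example that is not part of the original message and is not Koha code (written in Python rather than Koha's Perl): it derives the tenant-specific Azure AD v2.0 endpoints and checks that an ID token's claims belong to the expected tenant. The tenant ID, client ID, redirect URI and function names are constructed for illustration, and the token signature is assumed to have been verified already against the keys published in the tenant's discovery document.

```python
import time
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Constructed sample values, not real identifiers.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

def azure_endpoints(tenant_id):
    """Tenant-specific v2.0 URLs; every one embeds the tenant ID."""
    base = f"{AUTHORITY}/{tenant_id}"
    return {
        "discovery": f"{base}/v2.0/.well-known/openid-configuration",
        "authorize": f"{base}/oauth2/v2.0/authorize",
        "token": f"{base}/oauth2/v2.0/token",
        "issuer": f"{base}/v2.0",
    }

def authorize_url(tenant_id, client_id, redirect_uri, state, nonce):
    """Redirect target for the authorization-code flow."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "openid email profile",
        "state": state,   # CSRF binding, checked on the callback
        "nonce": nonce,   # replay binding, checked in the ID token
    })
    return f"{azure_endpoints(tenant_id)['authorize']}?{query}"

def check_claims(claims, tenant_id, client_id, nonce, now=None):
    """Return the names of claims that fail; an empty list means accept.
    Assumes the signature on the ID token was verified beforehand."""
    now = time.time() if now is None else now
    failed = []
    if claims.get("iss") != azure_endpoints(tenant_id)["issuer"]:
        failed.append("iss")   # token minted for a different tenant
    if claims.get("tid") != tenant_id:
        failed.append("tid")
    if claims.get("aud") != client_id:
        failed.append("aud")   # token issued to another application
    if claims.get("nonce") != nonce:
        failed.append("nonce")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        failed.append("exp")
    return failed
```

Rejecting on `iss` and `tid` matters because any Azure AD tenant can issue validly signed tokens; only the tenant check ties the login to the organization's own directory.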
