https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28420 Bug ID: 28420 Summary: Allow login via AzureAD OpenID-Connect Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: mark.jaroski@gmail.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org Hi, At the World Health Organization our South-East Asian regional office uses Koha for their regional library, with access by all WHO staff in the region and selected staff worldwide. Since local user databases can present a security risk we require that all applications for staff be integrated with our identity provider which at the moment is Microsoft's AzureAD. AzureAD uses OpenID-Connect and is mostly drop-in compatible with Google's implementation, with the exception that in order to construct the URLs both for redirection and for validation you need to know the organization's Azure tenant ID. Because our system integrator is not interested in pursuing this integration I've taken it on myself, and so I've set up a development environment and have started working on the code. My plan is to set up the configuration parameters and to then use them in a very slightly altered copy of the current googleopenidconnect file. I think in the long run it would be better to have a generic OpenID-Connect configuration to allow integrations with other providers like Okta and OneLogin, but we don't need for the moment that so for now I'll just add the AzureAD provider. I'll read up on the rest of the contribution procedure, and I'll be back with a patch/PR in a few days. Best, Mark -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.