[Koha-devel] Azure configuration for OAuth authentication with Koha

David Cook dcook at prosentient.com.au
Tue May 23 01:44:05 CEST 2023 

Hi Alex,

Well, the good news is that OIDC is just a wrapper around OAuth2, so a lot of the same things apply either way.

But my experience using only OAuth2 for AuthN is pretty limited. Previously, I've reviewed how Keycloak integrates with OAuth2 endpoints for things like Facebook: https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/social/facebook/FacebookIdentityProvider.java

Sounds like you're making progress though.

David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia

Office: 02 9212 0899
Online: 02 8005 0595

-----Original Message-----
From: Alex Buckley <alexbuckley at catalyst.net.nz> 
Sent: Monday, 22 May 2023 3:23 PM
To: David Cook <dcook at prosentient.com.au>; 'koha-devel' <koha-devel at lists.koha-community.org>
Subject: Re: [Koha-devel] Azure configuration for OAuth authentication with Koha

Hi David,

Ah that might be the problem! The client is using OAuth with Azure currently. We have indeed set up using OIDC with Azure before, but we haven't used OAuth before with any identity providers.

Thanks for raising that. Are you aware of what IdP OAuth should be used with?

Kind regards,

Alex


On 22/05/23 11:27, David Cook wrote:
> Hi Alex,
>
> Do you mean OAuth or OIDC? With Azure you'd want to be using OIDC which I think you folk have set up before with Azure?
>
> When it comes to the URIs you register, you'll want to use a * wildcard at the end of the OpacBaseURL, so that the users are able to login from any page in the Koha OPAC.
>
> David Cook
> Senior Software Engineer
> Prosentient Systems
> Suite 7.03
> 6a Glen St
> Milsons Point NSW 2061
> Australia
>
> Office: 02 9212 0899
> Online: 02 8005 0595
>
> -----Original Message-----
> From: Koha-devel <koha-devel-bounces at lists.koha-community.org> On 
> Behalf Of Alex Buckley
> Sent: Monday, 22 May 2023 6:26 AM
> To: koha-devel <koha-devel at lists.koha-community.org>
> Subject: [Koha-devel] Azure configuration for OAuth authentication 
> with Koha
>
> Hi Koha community,
>
> If you have configured Koha OAuth authentication with Azure could you please let me know what did you configure as the Redirect and Reply URIs in Azure?
>
> Context: We have a library (running Koha 22.11) that is trying to setup OAuth authentication with Azure.
>
> They have configured the Koha end using the new Koha 'Administration' > 'Identity provider' pages.
>
> When this library attempt a SSO login they get a 'AADSTS00113: No reply address is registered for the application' Azure error - see attached.
>
> Should the Redirect and Reply URIs in Azure just be the Koha OpacBaseURL (with https), or something else?
>
> Thanks so much,
>
> Alex
>
--
Alex Buckley
Koha Developer | Implementation Lead
Catalyst.Net Limited - Expert Open Source Solutions

Catalyst.Net Limited - a Catalyst IT group company

CONFIDENTIALITY NOTICE: This email is intended for the named recipients only. It may contain privileged, confidential or copyright information. If you are not the named recipient, any use, reliance upon, disclosure or copying of this email or its attachments is unauthorised. If you have received this email in error, please reply via email or call +64 4 499 2267.

More information about the Koha-devel mailing list