oauth-2.0 azure-active-directory saml-2.0 icingaweb2

AzureAD authentication to Icingaweb2


Is it possible to authenticate to Icingaweb2 through AzureAD (SAML/oauth2/openID)?


Solution

  • This is actually possible to achieve using https://github.com/bitly/oauth2_proxy

    1. After this proxy is installed and configured, run it with -set-xauthrequest (info is in the GitHub repo wiki/readme).

    2. Set up icingaweb2 for external authentication by adding:

      [autologin]
      backend = external
      

      into the authentication.ini file

    3. In icingaweb2 you need to add:

      fastcgi_param REMOTE_USER $http_X_User;
      

      into the nginx/apache configuration.

    If you use the same cookie name and secret pair in the oauth2 proxy configuration, you will be authenticated to all your systems (Graylog SSO plugin, Icinga2, any site of yours) with a pure SSO experience.