I see that the documentation for SAML is via Auth0 (Okta). Is there a way to do it directly with Azure AD by creating an Enterprise Application or using App registrations on the Microsoft Entra admin center side?
I know I can add SAML authentication via Azure AD, but I'm not sure if everything else remains the same on your end and if I need to call the same API Redirect URL?
SAML via Auth0 probably works.
The code is as below; please try it and let us know.
I linked Azure AD to Auth0 but I must be missing something. The Login URL in Ferrumgate should be what exactly? I only see the default login prompt by default, not a link to Auth0 for the login authentication. If I manually enter the “Identity Provider Login URL” grabbed from Auth0 in my browser, it seems to sign me in, but when I try to connect to the default webpage of the Ferrumgate server I only see the local login Sign in window.
There is a bug in the UI.
Please follow these steps:
- docker pull ferrumgate/ui.portal:1.8.0
- ferrumgate --stop
- ferrumgate --start
- On portal.azure.com:
- Create an application and, from single sign-on, select SAML.
- Identifier (Entity ID) is issuer.
- App Federation Metadata URL is Login URL.
- Download the Certificate (Base64) and paste it.
- Add Auth0/SAML like this
I now see the Auth0 icon on the main login screen, but using Azure AD directly gave me an error. So what I did is use Auth0 connected in the backend with Azure AD, and it seems to be working now.
Ok I saw that there’s some limitation with a dev account on Auth0 so I presume using Azure AD directly should be better.
When I use the test Sign-In on Azure portal I can connect in Ferrumgate fine but when I click on the Auth0 icon I get redirected to an XML file so I presume I must change something on the configuration on the Auth0/SAML config on Ferrumgate server?
Ok, I found the issue: I need to select the Login URL, not the App Federation Metadata URL, and it’s working.
We will add Azure AD support directly in version 1.9.0.
I have an issue when using Azure AD, on Microsoft Edge on an Azure AD added PC:
AADSTS75011: Authentication method ‘X509, MultiFactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Contact the ferrumgate application owner.
Microsoft have an article: Error - AADSTS75011 Authentication method by which the user authenticated with the service doesn't match requested authentication method AuthnContextClassRef. - Active Directory | Microsoft Learn
Is it possible to change PasswordProtectedTransport with unspecified?
We disabled AuthnContext; please try after the commands below:
docker pull ferrumgate/rest.portal:1.12.0
Yep, that fixed it. Thanks.
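
A diagnostic sketch for the AADSTS75011 exchange above, added here and not part of the thread or of FerrumGate's code: it decodes an AuthnRequest sent over the SAML HTTP-Redirect binding and reports whether it pins an authentication method through RequestedAuthnContext. The use of the redirect binding, the sample request, the example.test URLs and all function names are assumptions constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def build_sample_url(pin_method):
    """Constructed AuthnRequest for a hypothetical SP and IdP (not captured traffic)."""
    rac = ('<samlp:RequestedAuthnContext Comparison="exact">'
           f'<saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>'
           '</samlp:RequestedAuthnContext>') if pin_method else ""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
           '<saml:Issuer>https://sp.example.test</saml:Issuer>' + rac +
           '</samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    packed = deflater.compress(xml.encode()) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(packed).decode()})
    return "https://idp.example.test/saml2?" + query

def decode_redirect_request(url):
    """Return the AuthnRequest XML from an HTTP-Redirect binding URL."""
    value = parse_qs(urlparse(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")

def requested_authn_context(xml_text):
    """Return (comparison, class_refs), or None if no method is requested."""
    # Intended for requests from your own SP; ElementTree is not hardened for hostile XML.
    rac = ET.fromstring(xml_text).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return rac.get("Comparison", "exact"), refs  # "exact" is the SAML default

def pins_method(url):
    """True when the IdP must match one of the listed methods exactly."""
    ctx = requested_authn_context(decode_redirect_request(url))
    return ctx is not None and ctx[0] == "exact" and bool(ctx[1])

if __name__ == "__main__":
    for pin in (True, False):
        url = build_sample_url(pin)
        print(pin, requested_authn_context(decode_redirect_request(url)), pins_method(url))
```

A request for which `pins_method` returns True asks the IdP for exactly the listed method, which is the mismatch the error in the thread reports when the user signed in with a certificate and MFA instead of a password.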