Hi Juan,

Sorry to respond to an old thread, but we just went through this at my 
institution and I wanted to share how we set up the Azure enterprise app 
and OIDC module.

For the single sign-on portion in the Azure enterprise app:

   1. Select SAML
   2. Enter a value for entity ID (we used our DSpace instance URL)
   3. For the Reply URL enter "https://*YOUR_DSPACE_HOSTNAME*/server/api/authn/oidc"

For the OIDC module in DSpace:

   - The "client-id" is the application ID of your Azure enterprise app
   - We configured the endpoints directly, instead of setting a "server-url"
   and "server-realm." Values are based on your Azure AD tenant ID.
   You can find yours by going to App registrations in Azure AD, selecting 
   your app, and clicking the "Endpoints" link on the Overview screen.
      authorize-endpoint = "https://login.microsoftonline.com/*YOUR_TENANT_ID*/oauth2/v2.0/authorize"
      token-endpoint = "https://login.microsoftonline.com/*YOUR_TENANT_ID*/oauth2/v2.0/token"
      userinfo-endpoint = "https://graph.microsoft.com/oidc/userinfo"


With 7.3 we had an issue with permissions not being applied to users when 
they logged in through OIDC until the page was refreshed, but this is 
working correctly in 7.5. OIDC login is working great for us overall.

Thanks!

-David

On Monday, August 8, 2022 at 4:29:37 PM UTC-4 Juan López wrote:

> Hi,
>
> I'm trying to set OIDC auth on a DSpace 7.3 following the docs: 
> https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-OpenIDConnect(OIDC)Authentication
>
> We're using Azure to configure OpenID Connect, however, when we create a 
> new application and select "single sign-on" it doesn't show us the OIDC 
> option... we know that this is an issue of Azure and already started a 
> ticket with Microsoft to see if they can explain this behaviour.
>
> However, we have other applications in azure that are using OIDC and the 
> "server-url",  "server-realm" and "client-id" needed for the module are not 
> shown. So, even if we fix the issue with azure and create an app that uses 
> OIDC as SSO, we will not be able to get this missing data.
>
> This post is to ask if anyone has set OIDC in DSpace 7 using azure and if 
> they can share their experience with this module.
>
> Best regards,
>
> Juan.
>
>
>
>
>
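
As an added example, not part of David's message or DSpace's own code: a small Python lint for the three endpoint values listed above, catching line-wrap whitespace, stray quotes or semicolons picked up when copying from e-mail, an unreplaced tenant placeholder, and mismatched tenants. The key names follow the message as written, the lint assumes the values are pasted bare, and the tenant ID in the sample is constructed.

```python
import re
from urllib.parse import urlsplit

# Expected host and path per key, following the layout given in the message.
# The first path segment of the two login endpoints is the tenant.
EXPECTED = {
    "authorize-endpoint": ("login.microsoftonline.com", r"^/([^/]+)/oauth2/v2\.0/authorize$"),
    "token-endpoint": ("login.microsoftonline.com", r"^/([^/]+)/oauth2/v2\.0/token$"),
    "userinfo-endpoint": ("graph.microsoft.com", r"^/oidc/userinfo$"),
}

def lint_oidc_endpoints(values):
    """Return a list of problems found in a dict of key -> configured URL."""
    problems, tenants = [], {}
    for key, (host, path_re) in EXPECTED.items():
        raw = values.get(key)
        if raw is None:
            problems.append(f"{key}: missing")
            continue
        if re.search(r'[\s";]', raw):
            problems.append(f"{key}: whitespace, quote or semicolon in value")
            continue
        url = urlsplit(raw)
        if url.scheme != "https":
            problems.append(f"{key}: scheme is {url.scheme!r}, expected https")
        if url.hostname != host:
            problems.append(f"{key}: host is {url.hostname!r}, expected {host}")
        match = re.match(path_re, url.path)
        if not match:
            problems.append(f"{key}: unexpected path {url.path!r}")
        elif match.groups():
            tenants[key] = match.group(1)
    for key, tenant in tenants.items():
        if "YOUR_TENANT_ID" in tenant:
            problems.append(f"{key}: tenant placeholder not replaced")
    if len(set(tenants.values())) > 1:
        problems.append("authorize-endpoint and token-endpoint use different tenants")
    return problems

# Constructed sample values; the all-zero GUID stands in for a real tenant ID.
TENANT = "00000000-0000-0000-0000-000000000000"
GOOD = {
    "authorize-endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize",
    "token-endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token",
    "userinfo-endpoint": "https://graph.microsoft.com/oidc/userinfo",
}

if __name__ == "__main__":
    print(lint_oidc_endpoints(GOOD) or "endpoints look consistent")
```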
