Azure SSO Setup

To be completed by the original poster:

CMS Version

3.3.3

Installation Method

Docker

Operating System

Ubuntu 22.04

Issue

I see there are instructions for using ADFS and a few posts about Azure SSO, but no real instructions or walkthroughs. Does anyone have documentation on how to successfully set up Azure SSO?

I’ll be more than happy to create detailed documentation for the project afterwards, which could be added to the official doc repo so others have this information as well, if anyone can help.

Thanks in advance!

  • Brian

Hi itsjustbrianyo, welcome to the community!

Please take a look at this document for more information on how to set up SSO with ADFS.

Many Thanks.

After a lot of searching and reading, I was able to figure it out and wanted to post my solution for those that might be looking as well. Maybe this can be added to the official documentation?

In Azure AD, navigate to Enterprise Applications and click on New Application. This will open a new page where you’ll then click on Create Your Own Application.

Enter a name for the app, select the Integrate any other application you don’t find in the gallery (non-gallery) option, and then click Create.

Once the application has been created, click on Single Sign-On in the menu on the left and then click on the SAML card.

Click the Edit button under Basic SAML Configuration and enter the following:

Once completed, click Save at the top of the page.

Click the Edit button under Attributes & Claims and remove all of the Additional Claims. Add 2 new claims by clicking the Add New Claim button.

Claim 1:

  • Name: mail
  • Source Attribute: user.userprincipalname

Claim 2:

  • Name: uid
  • Source Attribute: user.mailnickname

Once completed, keep the page open as information from the page will be needed in the Xibo configuration file.

For Xibo, we’re running it in Docker on top of Ubuntu 22.04. File names/locations may differ.

Edit settings-custom.php, located in /[docker-mount]/shared/cms/.

We’ll need to make the following changes with some information being copied/pasted from Azure.

Under the ‘idp’ array, change the following:

  • ‘entityId’ => ‘copy/paste the App Federation Metadata URL’,
  • ‘singleSignOnService’ => ‘copy/paste the Login URL’,
  • ‘singleLogoutService’ => ‘copy/paste the Logout URL’,
  • ‘x509cert’ => ‘Download and open the Base64 Cert and copy/paste the certificate info’,

Under the ‘sp’ array, change the following:

Save the changes and restart your docker containers.


One change.

When I was figuring this out, I could not get SSO to work with the NameIDFormat line set to the default, so I changed it from emailAddress to persistent, which finally worked.

I later discovered that this created an issue that caused the displays to not check in while SSO was enabled. I tested a number of different settings and the one that allowed both SSO and the displays to check in was using transient as the NameIDFormat.

So, in my original steps above, change the following:

  • ‘NameIDFormat’ => ‘urn:oasis:names:tc:SAML:2.0:nameid-format:persistent’,

to

  • ‘NameIDFormat’ => ‘urn:oasis:names:tc:SAML:2.0:nameid-format:transient’,
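The two posts above describe the settings-custom.php changes piecemeal (the ‘idp’ array from the walkthrough, and the NameIDFormat correction from the follow-up). The following is an added example, not the poster’s file or Xibo’s own documentation, showing what a complete SAML section of settings-custom.php looks like with both posts applied. It assumes the key names of the onelogin/php-saml settings array that Xibo’s SAML middleware reads; xibo.example.com, <TENANT-ID>, the login/logout URLs and the certificate text are placeholders to be replaced with the values shown in the Azure enterprise application.

```php
<?php
// Added example, not the poster's own file. Complete SAML section for
// Xibo's settings-custom.php, assembled from the steps in this thread and
// the NameIDFormat change from the follow-up post.
// Assumptions: key names follow the onelogin/php-saml settings array that
// Xibo's SAML middleware consumes; every host name, tenant id, URL and
// certificate value below is a placeholder for what the Azure app shows.

$authentication = new \Xibo\Middleware\SAMLAuthentication();

$samlSettings = array(
    'workflow' => array(
        // Map the two claims created in Azure onto Xibo user fields.
        'mapping' => array(
            'UserID'     => '',
            'usertypeid' => '',
            'UserName'   => 'uid',   // Claim 2: source attribute user.mailnickname
            'email'      => 'mail',  // Claim 1: source attribute user.userprincipalname
        ),
        'libraryQuota' => 1000,
        'homePage'     => 'dashboard',
    ),

    // strict = true rejects responses whose signature, Audience, Destination
    // or validity window do not match this SP. Turn it off only while
    // debugging, and turn it back on before exposing the login page.
    'strict' => true,
    'debug'  => false,

    'idp' => array(
        // Placeholder: the identifier Azure shows for the IdP
        // (the post pastes the App Federation Metadata URL here).
        'entityId' => 'https://sts.windows.net/<TENANT-ID>/',
        'singleSignOnService' => array(
            'url'     => 'https://login.microsoftonline.com/<TENANT-ID>/saml2', // "Login URL"
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        'singleLogoutService' => array(
            'url'     => 'https://login.microsoftonline.com/<TENANT-ID>/saml2', // "Logout URL"
            'binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        ),
        // Body of the downloaded "Certificate (Base64)", pasted as one line
        // without the BEGIN/END CERTIFICATE header and footer.
        'x509cert' => 'MIIC...PLACEHOLDER...',
    ),

    'sp' => array(
        // Must match "Identifier (Entity ID)" in Azure's Basic SAML Configuration.
        'entityId' => 'https://xibo.example.com/saml/metadata',
        // Must match "Reply URL (Assertion Consumer Service URL)" in Azure.
        'assertionConsumerService' => array(
            'url' => 'https://xibo.example.com/saml/acs',
        ),
        'singleLogoutService' => array(
            'url' => 'https://xibo.example.com/saml/sls',
        ),
        // transient, per the follow-up post: persistent let users log in but
        // stopped displays checking in while SSO was enabled.
        'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
        'x509cert'   => '',   // only needed if the SP signs requests
        'privateKey' => '',
    ),

    'security' => array(
        // Require the assertion to be signed by the IdP certificate above;
        // without this an unsigned assertion would be accepted as a login.
        'wantAssertionsSigned'  => true,
        'wantNameId'            => true,
        'wantXMLValidation'     => true,
        'authnRequestsSigned'   => false,  // no SP key configured above
        'logoutRequestSigned'   => false,
        'logoutResponseSigned'  => false,
        'requestedAuthnContext' => false,  // let Azure pick the authn context
        'signatureAlgorithm'    => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
        'digestAlgorithm'       => 'http://www.w3.org/2001/04/xmlenc#sha256',
    ),
);
```

The values that most often break an otherwise correct setup are the two in the ‘sp’ array that Azure also holds: the SP entityId must be byte-for-byte equal to the Identifier (Entity ID) entered in Basic SAML Configuration, and the assertionConsumerService URL must equal the Reply URL, or Azure will refuse to issue an assertion for the request. Keep ‘strict’ on and ‘wantAssertionsSigned’ true once login works; relaxing them turns a signed SAML flow into one that accepts whatever is posted to /saml/acs.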
