Xibo Authentication with Entra ID

Taha_Samai · August 28, 2024, 11:41am

Hello
I want my xibo account use AD authentification, I follow the guide below :SAML Single Sign on with Active Directory - ADFS | Xibo Digital Signage
but I didn’t use adfs server I use entra ID
but not worked for me , any one know if xibo work with entra ID
thanks

pitoco02 · August 28, 2024, 2:00pm

its not that hard, but it needs some attention… and not all settings are the same for everyone
I was able to make it using those topics bellow:

Taha_Samai · September 11, 2024, 1:33pm

hi thanks for your answer,
I did the same configuration but was not worked for us, it’s very weird ,

Taha_Samai · September 12, 2024, 9:34am

it’s look like the file settings-custom.php not impacted or used by xibo because when we edit this file nothing change

pitoco02 · September 12, 2024, 5:43pm

You may use only settings.php to do this…
put those configs inside “settings.php” file, and will work

Taha_Samai · September 13, 2024, 9:54am

where I can find the setting.php for xibo ?

pitoco02 · September 13, 2024, 12:46pm

in the same path:

Settings.php is the same file that you insert you databse connection.
But you will also insert the config from SAML

/web folder

Taha_Samai · September 17, 2024, 10:34am

thanks a lot I fix it now
but I had an issue now that is show this below error message :

Error - AADSTS75011 Authentication method by which the user authenticated with the service doesn’t match requested authentication method AuthnContextClassRef

I changed the value from false to true on ‘authnRequestsSigned’ but I have this an other issue

Error

Unexpected Error, please contact support.
I don’t know is still any other setting I need to do it
thanks

Taha_Samai · September 17, 2024, 10:40am

this is the config from xibo side

pitoco02 · September 17, 2024, 1:03pm

This is how i use mine:

And the custom attributes from entra i set like this:

Delete all custom attibuttes, and the two you need to use is:

mail
uid

In my case i use the user mail to identify the user inside the cms, this why both of declarations are set usign “user.mail” as value to the attibute. But that is not a rule.
The rule is that you need to declare those attibutes and the value can be customized basing in how you will login into your CMS.

and inside the settings.php i use those declaration as you can see in the screenshot:


 'field_to_identify' => 'email',

and

'NameIDFormat' => 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',

To me, it’s all working good.

Taha_Samai · September 23, 2024, 11:20am

thanks a lot pitoco02 is worked for me the only change I did after make the same config you have is to change from ‘field_to_identify’ => ‘email’, to ‘field_to_identify’ => ‘UserName’,

Taha_Samai · September 23, 2024, 11:21am

but I have question how I can give my AD account to be admin on XIBO ?

pitoco02 · September 23, 2024, 3:33pm

I’m glad to hear that! You can mark my awnser as “Solution”. It turns easier to other members with the same problem find this solution as well.

Yes, for users already created you can change do that in your database you set “userTypeId” as “1” in user table.

Or to create new users as superAdmin, Group Admin or User in your SAML config just set the configurations that you want in your settings.php file:

can be 1, 2 or 3.

Taha_Samai · September 23, 2024, 3:53pm

yes thank a lot is worked for me, you are the best thanks a lot

system · December 23, 2024, 9:53pm

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.