Azure Open Id module with tomcat web server in windows 2022 machine

Shah Mita (YIANA) 0 Reputation points
2024-03-21T11:37:19.94+00:00

We would like to implement SSO in Siebel Onpremise application. The solution is

Siebel Azure integration involves setting up Siebel application with LDAP authentication using LDAPSecAdpt profile, setting up and configuring Apache with reverse proxy HTTPS and modauth for openIDC, configuring Azure application with Redirection to Siebel Application along with LDAP user setup and finally configuring Logout functionality for SSO sessions.


  1. Apache with OpenID: the user attempts to access the Siebel URL, which is protected by the Apache web server.
  2. Apache with OpenID: the Apache web server has a reverse proxy set up with the OpenID module.
  3. (We are using an Azure application as the identity provider): OpenID checks for the existence of a cookie on the user's computer. If a valid cookie is found, OpenID populates the header variable and the user ID is passed to Siebel (for example: the Windows username).
  4. If no cookie exists, the user is allowed to enter their Windows username and password. This is passed to Active Directory, which returns the Windows username.
  5. If the credentials are authenticated, the Azure cookie is set and OpenID sets the header variable and redirects the request to Siebel.
  6. The Siebel LDAP security adapter retrieves the database username from Active Directory.
  7. Siebel session is started with appropriate responsibilities and will show all the information based on the user’s position.

But we are not able to find an OpenID module to connect with Azure.

Can you help me with this solution ?


1 answer

James Hamil 27,186 Reputation points Microsoft Employee
    2024-03-22T22:53:38.9266667+00:00

    Hi @Shah Mita (YIANA), can you please follow these steps and let me know if they work for you? If not, it will help narrow down the issue. It seems like you've already followed some of these steps, but in case you didn't:

    1. Download the mod_auth_openidc module from the GitHub repository.
    2. Extract the downloaded ZIP file to a directory on your server.
    3. Copy the mod_auth_openidc.so file to the Apache modules directory.
    4. Add the following lines to your Apache configuration file to load the module:
    LoadModule auth_openidc_module modules/mod_auth_openidc.so
    
    5. Configure the module by adding the following lines to your Apache configuration file:
         # The redirect URI path is handled by the module itself; it only needs
         # to be protected, it must not map to real content
         <Location /oauth2callback>
             AuthType openid-connect
             Require valid-user
             LogLevel debug
         </Location>
         
         # OIDC discovery document of the tenant (standard /v2.0 well-known path)
         OIDCProviderMetadataURL https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
         OIDCClientID            {client-id}
         OIDCClientSecret        {client-secret}
         # Must match the redirect URI registered on the Azure AD application
         OIDCRedirectURI         https://{your-apache-server}/oauth2callback
         # Used to encrypt the session cookie and state
         OIDCCryptoPassphrase    {passphrase}
         
      
      Replace {tenant} with your Azure AD tenant ID, {client-id} and {client-secret} with the client ID and secret of your Azure AD application, {your-apache-server} with the hostname of your Apache server, and {passphrase} with a passphrase of your choice. Restart Apache to apply the changes.

    With mod_auth_openidc configured, Apache will redirect users to the Azure AD login page when they try to access a protected resource. After the user logs in, Azure AD will redirect the user back to Apache with an ID token. Apache will then validate the ID token and set the REMOTE_USER environment variable to the user's email address.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James
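A fuller virtual host that ties the module to the reverse-proxied Siebel path, added here as an illustration; it is not from the answer above nor from Siebel or mod_auth_openidc documentation. The backend URL, the X-Siebel-User header name, the preferred_username claim, the certificate paths and the 900-second inactivity timeout are assumptions, and mod_ssl, mod_proxy_http and mod_headers must be loaded alongside mod_auth_openidc.

```apache
<VirtualHost *:443>
    ServerName {your-apache-server}
    SSLEngine on
    SSLCertificateFile    "{path-to-server-cert}"    # placeholder paths
    SSLCertificateKeyFile "{path-to-server-key}"

    # --- mod_auth_openidc against the Entra ID (Azure AD) tenant ---
    OIDCProviderMetadataURL https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration
    OIDCClientID            {client-id}
    OIDCClientSecret        {client-secret}
    OIDCRedirectURI         https://{your-apache-server}/oauth2callback
    OIDCCryptoPassphrase    {passphrase}
    OIDCScope               "openid profile email"
    # ID-token claim that becomes REMOTE_USER (assumed: preferred_username)
    OIDCRemoteUserClaim     preferred_username
    # Expose REMOTE_USER to the backend in one dedicated header (assumed name)
    OIDCAuthNHeader         X-Siebel-User
    # Siebel only needs the user id, so do not forward every claim as OIDC_CLAIM_* headers
    OIDCPassClaimsAs        none
    # Idle sessions expire after 15 minutes (assumed value)
    OIDCSessionInactivityTimeout 900

    # Callback path is owned by the module: protected, never proxied
    <Location /oauth2callback>
        AuthType openid-connect
        Require valid-user
    </Location>

    # Everything under the Siebel path needs a valid OIDC session
    <Location /siebel/>
        AuthType openid-connect
        Require valid-user
        # Defence in depth: drop any identity header a client sends in before
        # authentication runs, so the only X-Siebel-User value the backend
        # ever sees is the one set by the module after login
        RequestHeader unset X-Siebel-User early
        ProxyPass        http://siebel-internal.example:8080/siebel/
        ProxyPassReverse http://siebel-internal.example:8080/siebel/
    </Location>
</VirtualHost>
```

The Siebel side must be configured to accept the user id from that header and to reach the application only through this proxy; if Siebel is also reachable directly, the header can be supplied by anyone.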

