Skip to content
This repository has been archived by the owner on May 2, 2024. It is now read-only.

Support for other Azure Clouds #191

Open
ellisgeek opened this issue Apr 21, 2023 · 10 comments
Open

Support for other Azure Clouds #191

ellisgeek opened this issue Apr 21, 2023 · 10 comments
Labels
documentation Improvements or additions to documentation enhancement New feature or request

Comments

@ellisgeek
Copy link

I work for a company that is required to use Azure GCC High and it appears that the endpoint is currently hardcoded to the Azure Public Cloud. This means we are unable to evaluate aad-auth for our users.

It would be nice if the endpoint were configurable alongside the existing configuration.
@MrDaGree
Copy link

I could also utilize this as well

@jibel
Copy link
Collaborator

jibel commented Apr 25, 2023
edited
Loading

Thanks for your report. We plan to support other Azure Clouds, but it is not on our roadmap yet. We will complete the documentation to indicate that only Azure Public Cloud is supported at the moment.

@jibel jibel added documentation Improvements or additions to documentation enhancement New feature or request jira Sync to jira labels Apr 25, 2023
@dmulder
Copy link

dmulder commented Aug 7, 2023
edited
Loading

I believe you can support this by making an api request to https://odc.officeapps.live.com/odc/v2.1/federationProvider and specifying the domain as a parameter. You can see how I've done it in himmelblau in the request_federation_provider function.

@dmulder
Copy link

dmulder commented Aug 7, 2023

@MrDaGree or @jibel could you confirm this is correct using this simple python script?

#!/usr/bin/python3
import requests
import json

url = 'https://odc.officeapps.live.com/odc/v2.1/federationProvider?domain=%s' % 'XXXXX.onmicrosoft.com'
resp = requests.get(url)
parsed = json.loads(resp.text)
print(json.dumps(parsed, indent=4))

Replace XXXXX.onmicrosoft.com with your company domain name. Then just confirm that the authority_host in the output is what you'd expect.

@ellisgeek
Copy link
Author

ellisgeek commented Aug 7, 2023
edited
Loading

I can confirm that the output of that query matches the cloud that we are in. But making a http request for that seems like overkill to me, we just need to be able to configure the endpoint in /etc/aad.conf

@jibel jibel removed the jira Sync to jira label Oct 19, 2023
@ebarrere
Copy link

We too will need this, as AAD-integration is the main reason we are looking at Ubuntu in the first place.

@dmulder
Copy link

dmulder commented Apr 17, 2024

Check out Himmelblau: https://youtu.be/rSeHxs0JX58
This should already be working in Himmelblau.

@dmulder
Copy link

dmulder commented Apr 17, 2024

And catch my SambaXP talk (for free) about it tomorrow: https://sambaxp.org/sxp-2024-faq

@ebarrere
Copy link

Could someone give me a crash course on how to build this project? CONTRIBUTING.md is not helpful, but if I could build it I might be able to piece together an acceptable PR for this. ..Or at very least I could hard-code it to our GovCloud URL and see if that solves my requirement :)

@ebarrere
Copy link

ebarrere commented Apr 23, 2024
edited
Loading

I've opened PR 500 that adds this functionality, though the system is saying I haven't signed the CLA (I have, many times now). If anyone is interested in testing I can send deb packages or instructions to build.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ellisgeek @ebarrere @jibel @dmulder @MrDaGree