topic Re: Alfresco integration with azure AD for user/group sync in Alfresco Forum

Alfresco integration with azure AD for user/group sync

Tue, 15 Jan 2019 21:03:28 GMT

Hello everyone,We have need to integrate Alfresco with Azure AD for users/groups synchronization and authentication. Just wondering if anyone had similar requirement and it was possible to do so. Basically I am trying to find answer for:1) If it is possible to sync users and groups from Azure AD t

Re: Alfresco integration with azure AD for user/group sync

afaust — Wed, 16 Jan 2019 09:03:17 GMT

You can use Azure AD just like an on-prem AD. The only thing you'd need to do is enable LDAPS access to your Azure AD, which is not enabled by default. Check the appropriate Azure docs for enabling LDAPS.

With Alfresco Enterprise you can setup SAML authentication with Azure AD easily. I have this running at a local customer who uses Azure AD to handle external users. Note that even without SAML as SSO, you can already authenticate against Azure once you have configured the LDAP-AD integration.

Re: Alfresco integration with azure AD for user/group sync

Thu, 17 Jan 2019 08:22:41 GMT

Thanks a lot Axel. Now when we have confirmation that it is possible we will figure out next steps.

Re: Alfresco integration with azure AD for user/group sync

Mon, 04 Mar 2019 14:26:02 GMT

Hello Axel,

We are finally able to configure user and group sync from Azure AD. We are also able to setup SAML authentication against Azure AD enterprise application.

But we are having slight trouble when user tries to logout. We have configure IdP service URLs like following in Alfresco Admin console page:

IdP Authentication Request Service URL (SingleSignOnService Location from Azure AD metadata file)
IdP Single Logout Request Service URL (SingleLogoutService Location from Azure AD metadata file)
IdP Single Logout Response Service URL (SingleLogoutService Location from Azure AD metadata file)

We have identical URL for all three fields in metadata file. After logout it redirects user to

And after click of "Back to My Dashboard" button it takes user to user dashboard page without any login.

I am not sure if we are missing some configuration here but it seems logout is not really happening and also can we someone avoid share error page.

Best regards,

Rajesh

Re: Alfresco integration with azure AD for user/group sync

afaust — Mon, 04 Mar 2019 21:58:17 GMT

I remember hitting a similar error when we set this up at a customer, and it turned out we just had a configuration error in Azure config + Alfresco SAML config. Unfortunately I can't remember specifically what our mistake was, but you should check again if all the SAML login / logout URLs have been configured correctly both in Azure and Alfresco.

Re: Alfresco integration with azure AD for user/group sync

Thu, 14 Mar 2019 21:55:30 GMT

Thanks a lot Axel. After checking carefully we found followings in share.log:

2019-03-05 13:59:00,062 ERROR [org.alfresco.web.site] [http-apr-8080-exec-3] javax.servlet.ServletException: SAML LogoutResponse must be submitted using POST

It is rather obvious exception that after successful logout Azure AD sends logout response to Share Logout URL, but it should have been done using POST binding. Unfortunately I am not able to figure anyway in Azure AD to specify POST binding. Just hoping if this gives some hint for you to remember how you overcame this issue 🙂

Re: Alfresco integration with azure AD for user/group sync

sunnyoswal — Thu, 05 Sep 2019 09:30:46 GMT

Rajesh Jha‌ we are blocked with the same issue you summarized. Were you able to fix the issue ?

Re: Alfresco integration with azure AD for user/group sync

sunnyoswal — Thu, 05 Sep 2019 09:34:29 GMT

Hi Axel. We are also facing the exact issue and are blocked. Is the fix you made anywhere documented by now ?

Re: Alfresco integration with azure AD for user/group sync

Fri, 06 Sep 2019 05:33:16 GMT

Unfortunately not. We still have issue with logout.

Re: Alfresco integration with azure AD for user/group sync

sunnyoswal — Fri, 06 Sep 2019 07:17:36 GMT

Oh. If you don't mind answering, could you tell me if you still went with Azure AD SSO flow implementation and any workarounds you have in place for this logout issue ?

Re: Alfresco integration with azure AD for user/group sync

afjaber — Wed, 29 Mar 2023 17:50:09 GMT

Hi, we are looking into this method now for SAML SSO with Azure AD and MFA. Wondering if any of the previous commenters from 2019 ever solved the problem with the logout issue. Thank you!