My understanding is that this should be possible with Azure AD from here:
#8
But I'm a bit confused as to how to configure this. I managed to link AAD auth for existing Matomo users with the following settings:
Authorize URL: https://login.microsoftonline.com/{tenant_id}/oauth2/authorize
Token URL: https://login.microsoftonline.com/{tenant_id}/oauth2/token
Userinfo URL: https://login.microsoftonline.com/{tenant_id}/openid/userinfo
Userinfo ID: sub
OAuth Scopes: openid
Do I also need to set OAuth scopes to "openid email"?
My redirect config is the following:
Redirect URI override: https://mymatmominstance.com/oidc/callback
Ingress manifest (kubernetes ingress)
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /index.php?module=LoginOIDC&action=callback&provider=oidc
  labels:
    app.kubernetes.io/instance: matomo
    app.kubernetes.io/name: matomo
  name: matomo2
  namespace: prod
spec:
  rules:
  - host: mymatmominstance.com
    http:
      paths:
      - backend:
          serviceName: matomo
          servicePort: http
        path: /oidc/callback
I also have another ingress for regular / path matching up
If I remove the redirect URI, the AAD login redirects me to
/index.php?module=LoginOIDC&action=callback&provider=oidc&code=....
And I get Unexpected response from OAuth service.
If the redirect URI is set, I get redirected to /oidc/callback?code=
Response is: Not Found The requested URL was not found on this server.