SAML Integration With Azure Active Directory

Description

Description:
It would be beneficial to allow SAML integration with Azure Active Directory for SSO. Currently, it is understood that this is not possible due to the fact that Liferay requires message level signature in order to authenticate, while Azure Active Directory specifically does not support it:

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-single-sign-on-protocol-reference#signature

Based on the following LPS, it was believed that supporting this may allow for the possibility of spoofing. It is unclear whether this is still the case or whether there are alternate options. If possible, it would benefit some users if Liferay allows the message level signature to be disabled or develops an alternate method to connect to Azure AD.
LPS-47700

This feature would make it so that clients who have already integrated their other applications with Azure AD can easily add Liferay to their workflow.

The following scenario illustrates the requested feature:

  1. Deploy the SAML 2.0 Provider into the environment

  2. Create a new custom application in Azure AD

  3. Configure the connection to Azure AD via SAML Admin

Note the following errors in the console after performing these steps:

End Goal:
Add integration with Azure AD into the SAML 2.0 Provider.

Environment

None

Activity

Tibor Lipusz, March 26, 2020 at 2:22 AM

See

Michael Han, April 29, 2019 at 7:23 AM

SAML is already compatible with Azure ADFS. The only thing not supported was encrypted assertions. For 7.3, we will be supporting encrypted assertions.

Not Aligned with the Roadmap

Details

Zendesk Support

Created July 10, 2017 at 9:57 AM
Updated June 26, 2023 at 2:49 PM
Resolved February 14, 2023 at 2:52 PM