leejohnc
Contributor

Federated SSO with Azure Federations instead of ADFS

I had our VMware vSphere dev environment connected to AzureAD SSO using OpenID Connect. It was working perfectly; I can see in the header that VSPHERE-USERNAME is getting populated with the samaccountname value. VMware is configured with LDAPS to our domain, and the roles are populated with AD groups. ADConnect is pushing the same data from on-prem into AzureAD, so I'm scratching my head a bit as to why this has stopped working.

I'm loath to deploy ADFS for this, as MS is at the very least de-emphasizing ADFS if not deprecating it outright, and pushing customers to PHS or PTA and using Azure Federation instead. I would rather use our Azure App Proxy with IWA/Kerberos Constrained Delegation before I do ADFS.

1 Reply
leejohnc
Contributor

Never mind, the Azure OIDC config is fine. It was the LDAP side in vSphere; we reconfigured "ADFS" in vSphere and it started working again. We had to reapply some AD groups.
