DSpace 7.3 OIDC auth.


Juan López

Aug 8, 2022, 4:29:37 PM
to DSpace Technical Support
Hi,


We're using Azure to configure OpenID Connect; however, when we create a new application and select "single sign-on" it doesn't show us the OIDC option. We know that this is an issue with Azure and have already opened a ticket with Microsoft to see if they can explain this behaviour.

However, we have other applications in Azure that are using OIDC, and the "server-url", "server-realm" and "client-id" needed for the module are not shown. So, even if we fix the issue with Azure and create an app that uses OIDC for SSO, we will not be able to get this missing data.

This post is to ask whether anyone has set up OIDC in DSpace 7 using Azure and can share their experience with this module.

Best regards,

Juan.
David Dean

Apr 10, 2023, 12:37:24 PM
to DSpace Technical Support
Hi Juan,

Sorry to respond to an old thread, but we just went through this at my institution and I wanted to share how we set up the Azure enterprise app and OIDC module.

For the single sign-on portion in the Azure enterprise app:
  1. Select SAML
  2. Enter a value for entity ID (we used our DSpace instance URL)
  3. For the Reply URL enter "https://YOUR_DSPACE_HOSTNAME/server/api/authn/oidc"

For the OIDC module in DSpace:
  • The "client-id" is the application ID of your Azure enterprise app
  • We configured the endpoints directly, instead of setting a "server-url" and "server-realm". Values are based on your Azure AD tenant ID.
    You can find yours by going to App registrations in Azure AD, selecting your app, and clicking the "Endpoints" link on the Overview screen.
       authorize-endpoint = "https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/authorize"
       token-endpoint = "https://login.microsoftonline.com/YOUR_TENANT_ID/oauth2/v2.0/token"
       userinfo-endpoint = "https://graph.microsoft.com/oidc/userinfo"

With 7.3 we had an issue with permissions not being applied to users when they logged in through OIDC until the page was refreshed, but this is working correctly in 7.5. OIDC login is working great for us overall.

Thanks!

-David
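Putting David's steps together, as an added example that is not part of the original post and is not DSpace or Microsoft code: a Python script that derives the three endpoints and the Reply URL from a tenant ID and hostname, renders the DSpace property lines (the authentication-oidc. prefix is assumed; check the exact keys in your own modules/authentication-oidc.cfg), and compares the hand-typed endpoints with what the tenant publishes at its OpenID discovery URL. The discovery document embedded below is constructed for the example, and the tenant ID, client ID and hostname are placeholders.

```python
"""Derive DSpace 7 OIDC settings for an Azure AD tenant and cross-check them.

Added example, not DSpace or Microsoft code. Assumptions: DSpace property
names use the authentication-oidc. prefix with the key names from David's
post; TENANT_ID, CLIENT_ID and DSPACE_HOST are placeholders, not real values.
"""
import json
import sys
import urllib.request
from urllib.parse import urlsplit

AZURE_LOGIN = "https://login.microsoftonline.com"

# Placeholders (assumed, not real identifiers).
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
DSPACE_HOST = "dspace.example.edu"


def azure_endpoints(tenant_id: str) -> dict:
    """Single-tenant v2.0 endpoints, as listed in the post, derived from the tenant ID."""
    base = f"{AZURE_LOGIN}/{tenant_id}/oauth2/v2.0"
    return {
        "authorization_endpoint": f"{base}/authorize",
        "token_endpoint": f"{base}/token",
        "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
    }


def discovery_url(tenant_id: str) -> str:
    """Standard OpenID discovery path for the tenant's v2.0 metadata."""
    return f"{AZURE_LOGIN}/{tenant_id}/v2.0/.well-known/openid-configuration"


def reply_url(hostname: str) -> str:
    """Reply URL to register in the enterprise app; Azure matches it exactly."""
    return f"https://{hostname}/server/api/authn/oidc"


def dspace_oidc_config(tenant_id: str, client_id: str, hostname: str) -> str:
    """Render the authentication-oidc.cfg lines. The client secret is deliberately
    left out: it belongs in local.cfg, not in a file you share or commit."""
    ep = azure_endpoints(tenant_id)
    lines = [
        f"authentication-oidc.client-id = {client_id}",
        f"authentication-oidc.authorize-endpoint = {ep['authorization_endpoint']}",
        f"authentication-oidc.token-endpoint = {ep['token_endpoint']}",
        f"authentication-oidc.userinfo-endpoint = {ep['userinfo_endpoint']}",
        f"authentication-oidc.redirect-url = {reply_url(hostname)}",
        "authentication-oidc.scopes = openid,email,profile",
    ]
    return "\n".join(lines) + "\n"


def check_against_discovery(tenant_id: str, discovery: dict) -> list:
    """Compare hand-configured endpoints with the tenant's discovery document.
    Returns human-readable problems; an empty list means the config matches."""
    problems = []
    for key, configured in azure_endpoints(tenant_id).items():
        published = discovery.get(key)
        if published != configured:
            problems.append(f"{key}: configured {configured}, discovery publishes {published}")
    # A single-institution repository wants an issuer bound to its own tenant,
    # not a multi-tenant one that would accept accounts from any directory.
    issuer = discovery.get("issuer", "")
    if tenant_id not in issuer:
        problems.append(f"issuer {issuer!r} is not bound to tenant {tenant_id}")
    if urlsplit(discovery.get("jwks_uri", "")).scheme != "https":
        problems.append("jwks_uri missing or not https; ID-token signatures cannot be verified")
    return problems


# Constructed discovery document for the placeholder tenant (shape follows the
# OpenID discovery spec; values are what azure_endpoints() expects).
SAMPLE_DISCOVERY = json.loads(f"""{{
  "issuer": "{AZURE_LOGIN}/{TENANT_ID}/v2.0",
  "authorization_endpoint": "{AZURE_LOGIN}/{TENANT_ID}/oauth2/v2.0/authorize",
  "token_endpoint": "{AZURE_LOGIN}/{TENANT_ID}/oauth2/v2.0/token",
  "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo",
  "jwks_uri": "{AZURE_LOGIN}/{TENANT_ID}/discovery/v2.0/keys"
}}""")


if __name__ == "__main__":
    # With a real tenant ID on the command line, fetch the live document;
    # otherwise check against the constructed sample.
    if len(sys.argv) > 1:
        tenant = sys.argv[1]
        with urllib.request.urlopen(discovery_url(tenant), timeout=10) as resp:
            doc = json.load(resp)
    else:
        tenant, doc = TENANT_ID, SAMPLE_DISCOVERY
    print(dspace_oidc_config(tenant, CLIENT_ID, DSPACE_HOST))
    for p in check_against_discovery(tenant, doc):
        print("PROBLEM:", p)
```

Run it with your tenant ID as the first argument to compare the three hand-typed endpoints against what login.microsoftonline.com actually publishes for that tenant; the Reply URL it prints must match the redirect-url DSpace sends character for character, or Azure rejects the authorization request.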