Can an Active Directory be used as an OpenID provider? WIF is an option, but it's quite complicated and not very widespread.
Active Directory as OpenID provider?
Yes, you can. Just host an ASP.NET web site that itself uses Active Directory authentication, and exposes an OpenID Provider using DotNetOpenAuth.
Any links to some sample code for how to do this? The DotNetOpenAuth site has limited documentation. –
Goodbye
To do what, exactly? If you want to be an Active Directory relying party, you'll have to find AD documentation for that. If you want to (also) be a DotNetOpenAuth OpenID Provider, there are samples that come with the library to demonstrate that, and some limited documentation as you've said. –
Sextodecimo
ADFS 4.0, available from Windows Server 2016 onwards, allows authentication using OpenID.
There is also OpenID-LDAP server which claims to work with AD LDAP.
I've tried configuring OpenID-LDAP-PHP, but it stores the shared secret in SESSION (bound to the end user) so that when the server issues a check_authentication request it always replies with false - it can't find the shared secret in the SESSION for the server. It is generally very crappy code, with insufficient logging and uses mt_rand for crypto. Avoid. –
Therefor
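As an added illustration of the two points above (the ASP.NET-plus-DotNetOpenAuth design in the first answer, and the check_authentication failure described in the comment on OpenID-LDAP-PHP), here is a stripped-down OpenID 2.0 Provider core in Python. It is example code written for this page, not code from the thread, from DotNetOpenAuth or from OpenID-LDAP-PHP. The Active Directory lookup is a stand-in (a hard-coded dictionary, an assumption), and the endpoint URLs and user names are invented. The security point it demonstrates: the relying party's check_authentication call comes server-to-server with no end-user cookie, so the association secret has to be found by assoc_handle in a server-side store, and the secret has to come from a CSPRNG rather than mt_rand.

```python
import base64
import hashlib
import hmac
import secrets
import time

OPENID_NS = "http://specs.openid.net/auth/2.0"

# Server-side association store keyed by assoc_handle. A store bound to the
# end user's session would be invisible to the RP's direct check_authentication
# request (the failure the comment above describes).
ASSOCIATIONS = {}  # assoc_handle -> (hmac_secret, expires_at)


def ad_authenticate(username):
    """Stand-in for the ASP.NET site's Active Directory login (assumption):
    returns the user's DN, or None when AD would reject the login."""
    fake_directory = {"jdoe": "CN=Jane Doe,OU=Users,DC=example,DC=com"}  # constructed
    return fake_directory.get(username)


def new_association(lifetime_s=3600):
    """Private (stateless-mode) association: handle and HMAC-SHA256 key from a CSPRNG."""
    handle = secrets.token_urlsafe(24)
    secret = secrets.token_bytes(32)  # never mt_rand / random.random for this
    ASSOCIATIONS[handle] = (secret, time.time() + lifetime_s)
    return handle


def kv_signature(secret, fields, signed):
    """HMAC-SHA256 over the Key-Value form of the signed fields (OpenID 2.0 secs 6, 10.1)."""
    body = "".join(f"{k}:{fields[k]}\n" for k in signed)
    mac = hmac.new(secret, body.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def positive_assertion(op_endpoint, username, return_to):
    """Build the id_res message the OP sends back to the RP after AD accepts the user."""
    if ad_authenticate(username) is None:
        return None
    handle = new_association()
    identity = f"{op_endpoint}/id/{username}"  # invented identifier scheme
    nonce = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()) + secrets.token_urlsafe(6)
    fields = {
        "ns": OPENID_NS, "mode": "id_res", "op_endpoint": op_endpoint,
        "claimed_id": identity, "identity": identity, "return_to": return_to,
        "response_nonce": nonce, "assoc_handle": handle,
    }
    signed = ["op_endpoint", "claimed_id", "identity", "return_to",
              "response_nonce", "assoc_handle"]
    fields["signed"] = ",".join(signed)
    fields["sig"] = kv_signature(ASSOCIATIONS[handle][0], fields, signed)
    return fields


def check_authentication(request):
    """Direct verification endpoint: the RP resends the assertion with
    mode=check_authentication. Returns True (is_valid:true) only if the
    signature matches a live, unused private association."""
    if request.get("ns") != OPENID_NS or request.get("mode") != "check_authentication":
        return False
    handle = request.get("assoc_handle", "")
    entry = ASSOCIATIONS.get(handle)
    if entry is None:
        return False  # unknown handle: what a session-bound store produces every time
    secret, expires_at = entry
    if time.time() > expires_at:
        del ASSOCIATIONS[handle]
        return False
    signed = request.get("signed", "").split(",")
    required = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
    if not required.issubset(signed) or any(k not in request for k in signed):
        return False
    expected = kv_signature(secret, request, signed)
    if not hmac.compare_digest(expected, request.get("sig", "")):
        return False
    # Sec 11.4.2.1: at most one verification response per assertion, so the
    # private association is consumed here and a replayed request is refused.
    del ASSOCIATIONS[handle]
    return True
```

In a real deployment the store behind ASSOCIATIONS would be a database or cache shared by every web node, the identity would be derived from the AD principal the web server already authenticated, and the OP would also have to validate return_to against the RP's realm before signing; none of that changes the verification logic shown here.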
Or you can use Red Hat Keycloak, which leverages any LDAP or Kerberos server as a repository to be used with OIDC or even with poor man's auth SAML.
I wonder how they do that. I saw OpenID as an available protocol to connect to AD using Keycloak, although OpenID wasn't supported by AD for a long time. –
Chemar