Landscape OpenID Authentication
up vote
2
down vote
favorite
Currently, I have an instance of Canonical Landscape installed and I would like to change the authentication method to use ADFS 2016 via OpenID.
However, Landscape offers these two configurations in services.conf:
openid-provider-url = https://login.ubuntu.com/
openid-logout-url = https://login.ubuntu.com/+logout
If I append the following url:
openid-provider-url = https://<my_adfs_server>/adfs/oauth2/authorize/
I Get the error:
Error in discovery: Error fetching XRDS document: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>
Installing the ADFS certificate does not solve my problem and as there is no place for me to configure the clientId from ADFS OpenID.
How is it possible to integrate Landscape with ADFS via OpenID?
*PAM is not an option, because I can't connect directly to AD.
landscape
asked Apr 12 at 14:17
Edmar Junior
111
add a comment |
up vote
2
down vote
favorite
Currently, I have an instance of Canonical Landscape installed and I would like to change the authentication method to use ADFS 2016 via OpenID.
However, Landscape offers these two configurations in services.conf:
openid-provider-url = https://login.ubuntu.com/
openid-logout-url = https://login.ubuntu.com/+logout
If I append the following url:
openid-provider-url = https://<my_adfs_server>/adfs/oauth2/authorize/
I Get the error:
Error in discovery: Error fetching XRDS document: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>
Installing the ADFS certificate does not solve my problem and as there is no place for me to configure the clientId from ADFS OpenID.
How is it possible to integrate Landscape with ADFS via OpenID?
*PAM is not an option, because I can't connect directly to AD.
landscape
asked Apr 12 at 14:17
Edmar Junior
111
add a comment |
up vote
2
down vote
favorite
up vote
2
down vote
favorite
Currently, I have an instance of Canonical Landscape installed and I would like to change the authentication method to use ADFS 2016 via OpenID.
However, Landscape offers these two configurations in services.conf:
openid-provider-url = https://login.ubuntu.com/
openid-logout-url = https://login.ubuntu.com/+logout
If I append the following url:
openid-provider-url = https://<my_adfs_server>/adfs/oauth2/authorize/
I Get the error:
Error in discovery: Error fetching XRDS document: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>
Installing the ADFS certificate does not solve my problem and as there is no place for me to configure the clientId from ADFS OpenID.
How is it possible to integrate Landscape with ADFS via OpenID?
*PAM is not an option, because I can't connect directly to AD.
landscape
asked Apr 12 at 14:17
Edmar Junior
111
Currently, I have an instance of Canonical Landscape installed and I would like to change the authentication method to use ADFS 2016 via OpenID.
However, Landscape offers these two configurations in services.conf:
openid-provider-url = https://login.ubuntu.com/
openid-logout-url = https://login.ubuntu.com/+logout
If I append the following url:
openid-provider-url = https://<my_adfs_server>/adfs/oauth2/authorize/
I Get the error:
Error in discovery: Error fetching XRDS document: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>
Installing the ADFS certificate does not solve my problem and as there is no place for me to configure the clientId from ADFS OpenID.
How is it possible to integrate Landscape with ADFS via OpenID?
*PAM is not an option, because I can't connect directly to AD.
landscape
landscape
asked Apr 12 at 14:17
Edmar Junior
111
asked Apr 12 at 14:17
Edmar Junior
111
asked Apr 12 at 14:17
Edmar Junior
111
asked Apr 12 at 14:17
Edmar Junior
111
asked Apr 12 at 14:17
Edmar Junior
111
111
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
The landscape can be configured to use OpenID and works by default with UbuntuSSO. It can be configured as per
https://help.landscape.canonical.com/LDS/ReleaseNotes12.09#OpenID_support
ADFS 2016 is using "OpenID Connect" which is different from "OpenID" used with Landscape. Unfortunately, at this time Landscape does not support "OpenID Connect"
Here is more about the differences:
https://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
Hope this will help
answered Dec 5 at 17:04
bogdan
133112
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
The landscape can be configured to use OpenID and works by default with UbuntuSSO. It can be configured as per
https://help.landscape.canonical.com/LDS/ReleaseNotes12.09#OpenID_support
ADFS 2016 is using "OpenID Connect" which is different from "OpenID" used with Landscape. Unfortunately, at this time Landscape does not support "OpenID Connect"
Here is more about the differences:
https://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
Hope this will help
answered Dec 5 at 17:04
bogdan
133112
add a comment |
up vote
0
down vote
The landscape can be configured to use OpenID and works by default with UbuntuSSO. It can be configured as per
https://help.landscape.canonical.com/LDS/ReleaseNotes12.09#OpenID_support
ADFS 2016 is using "OpenID Connect" which is different from "OpenID" used with Landscape. Unfortunately, at this time Landscape does not support "OpenID Connect"
Here is more about the differences:
https://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
Hope this will help
answered Dec 5 at 17:04
bogdan
133112
add a comment |
up vote
0
down vote
up vote
0
down vote
The landscape can be configured to use OpenID and works by default with UbuntuSSO. It can be configured as per
https://help.landscape.canonical.com/LDS/ReleaseNotes12.09#OpenID_support
ADFS 2016 is using "OpenID Connect" which is different from "OpenID" used with Landscape. Unfortunately, at this time Landscape does not support "OpenID Connect"
Here is more about the differences:
https://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
Hope this will help
answered Dec 5 at 17:04
bogdan
133112
The landscape can be configured to use OpenID and works by default with UbuntuSSO. It can be configured as per
https://help.landscape.canonical.com/LDS/ReleaseNotes12.09#OpenID_support
ADFS 2016 is using "OpenID Connect" which is different from "OpenID" used with Landscape. Unfortunately, at this time Landscape does not support "OpenID Connect"
Here is more about the differences:
https://security.stackexchange.com/questions/44611/difference-between-oauth-openid-and-openid-connect-in-very-simple-term
Hope this will help
answered Dec 5 at 17:04
bogdan
133112
answered Dec 5 at 17:04
bogdan
133112
answered Dec 5 at 17:04
bogdan
133112
answered Dec 5 at 17:04
bogdan
133112
133112
add a comment |
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1024382%2flandscape-openid-authentication%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
