vCenter

  • 1.  Federated SSO with Azure Federations instead of ADFS

    Posted Nov 02, 2021 01:54 PM

    I had our VMware vSphere dev environment connected to AzureAD SSO using OpenID Connect.  It was working perfectly; I can see in the header it's getting VSPHERE-USERNAME populated with the samaccountname value.  VMware is configured with LDAPS to our domain, and the roles are populated with AD groups.  ADConnect is pushing the same data from on-prem into AzureAD, so I'm scratching my head a bit as to why this has stopped working.

    I'm loath to deploy ADFS for this, as MS is at the very least de-emphasizing ADFS if not deprecating it outright, and pushing customers to PTH or PTA and using Azure Federation instead.  I would rather use our Azure App Proxy with IWA/Kerberos Constrained Delegation before I do ADFS.



  • 2.  RE: Federated SSO with Azure Federations instead of ADFS

    Posted Nov 05, 2021 07:32 PM

    Never mind, the Azure OIDC config is fine.  It was the LDAP side in vSphere, we reconfigured "ADFS" in vSphere and it started working again.  We had to reapply some AD Groups.