Authenticating to Web UI using Azure SAML

Hi guys

Our privacyIDEA is connected to our Azure AD as the LDAP source. The web UI currently uses the Azure username and password, but no MFA. We want to protect the web UI on the public internet by using Azure SSO/SAML. Is there a way to configure the Apache server to authenticate against Azure (creds & Microsoft Authenticator)?

Thanks

Kobby

privacyIDEA webui itself currently does not act as a SAML service provider.

However, you could configure Apache using mod_mellon to act as a SAML service provider.

But if you only need to do 2FA at the privacyIDEA WebUI login, you can easily do this using the authentication policy loginmode=privacyIDEA.

The point is to protect the web UI while it is exposed to the internet, for users who are yet to have MFA in privacyIDEA. Exposing privacyIDEA to the internet puts these users at risk.

I now have this working using mellon and Azure. But it looks like the logout is still showing an active session, due to still recognising remote_user from mellon, and still offering to log in. Not a major issue, but it would have been nice if it was closing the session completely and not offering to sign back in.

privacyIDEA has no session.

So you probably are looking into sessions of mod_mellon? (Which I do not know)
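For readers who want to see what the mod_mellon setup discussed in this thread (Apache as the SAML service provider in front of the privacyIDEA WebUI, and the leftover Mellon session after WebUI logout) looks like in practice, here is an added example configuration. It is not the poster's configuration and not part of the privacyIDEA project. It assumes, as labelled in the comments, that the SP key, certificate and metadata were generated with mod_auth_mellon's `mellon_create_metadata.sh` into `/etc/apache2/mellon/`, that the Azure AD enterprise application's federation metadata was saved as `azure-idp-metadata.xml`, that Azure sends the user principal name in the standard `name` claim, and that the host name `pi.example.com` and the internal network `10.0.0.0/8` are placeholders.

```apache
# Added example (not the thread author's or privacyIDEA's own config):
# Apache + mod_auth_mellon as SAML SP in front of the privacyIDEA WebUI.
# Assumed paths: /etc/apache2/mellon/ holds the SP key/cert/metadata created
# by mellon_create_metadata.sh and the downloaded Azure IdP metadata XML.

<Location />
    # Every browser request, including the WebUI, needs a SAML session first.
    MellonEnable "auth"
    MellonEndpointPath "/mellon"

    MellonSPPrivateKeyFile /etc/apache2/mellon/sp.key
    MellonSPCertFile       /etc/apache2/mellon/sp.crt
    MellonSPMetadataFile   /etc/apache2/mellon/sp-metadata.xml
    MellonIdPMetadataFile  /etc/apache2/mellon/azure-idp-metadata.xml

    # Session cookie only over HTTPS. A short session length bounds how long a
    # Mellon session that survived the WebUI "logout" can still be reused.
    MellonSecureCookie On
    MellonSessionLength 3600

    # Fill REMOTE_USER from the Azure "name" claim (the UPN). The value has to
    # equal the username attribute of the privacyIDEA LDAP resolver so the WebUI
    # maps it to the same user. privacyIDEA only trusts REMOTE_USER when a
    # webui-scope policy with remote_user=allowed exists.
    MellonUser "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"

    # Post-logout ReturnTo targets are limited to this host.
    MellonRedirectDomains [self]
</Location>

# Machine clients (RADIUS, other services) cannot follow a SAML redirect, so
# the validate endpoint is excluded from Mellon and limited by source network
# instead (10.0.0.0/8 is a placeholder for the internal range).
<Location /validate>
    MellonEnable "off"
    Require ip 10.0.0.0/8
</Location>

# The WebUI logout only discards the JWT held in the browser; the Mellon
# session cookie survives, which is why REMOTE_USER is still present and the
# login page is offered again. Sending the browser through Mellon's logout
# endpoint ends the SP session and starts SAML single logout with Azure:
#   https://pi.example.com/mellon/logout?ReturnTo=https://pi.example.com/
```

On the Azure side, the enterprise application's Reply URL is the SP's `/mellon/postResponse` endpoint and its Identifier is the entity ID from `sp-metadata.xml`. The `/validate` exclusion is the part to check first: if it is left under `MellonEnable "auth"`, every `/validate/check` call from RADIUS or other integrations receives a redirect to Azure instead of an authentication result.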