AzureAD + Socialite and Scope/Claims

I have had LibreNMS up and running for quite some time now and was wanting to get it working with AzureAD using the Socialite plugin. The directions on docs.librenms.org (Oauth/SAML support - LibreNMS Docs) do a great job going step by step for the Microsoft side of things to get it working, and it now works great. However, I have two groups that I was hoping to set up to automatically set roles, and I can’t for the life of me figure out what I am doing wrong. Once you get to the ‘Claims / Access Scopes’ section of the documentation, it goes over setting these with Okta, but nothing for Microsoft/AzureAD. I tried setting group attributes over on the app registration:

I even tried going to the Enterprise Application and setting it under ‘Additional Claims’, with the hopes that it would bring this attribute in (I just took the groups and set a value that matched the value that it is expecting for each role). I ran this:
lnms config:set auth.socialite.scopes.+ groups

and then set the groups in the LibreNMS GUI for the socialite settings to set those values to roles. Still no luck. I feel like I am close and am just missing something super trivial, but can’t seem to figure it out…

When I added the group stuff for Okta I had a go at getting it working with AzureAD free tiers or something but had no luck. It may have changed since then (I don’t remember seeing that ‘+Add group claim’ option …

It may also need some work on the socialite provider (?) and/or the LibreNMS code.

Good luck and if you get it working please feel free to update the documentation with whatever magic is required.

Hi, I’m stuck on exactly the same issue for weeks now. I tried asking for guidance on community discord, without luck.

Please let us know if you find the cure, and likewise I will share if I find anything useful!
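A diagnostic for the problem discussed in this thread, added here as an example (it is not code from any poster or from LibreNMS): it decodes an ID token's payload without verifying the signature and reports whether a `groups` claim is present and whether its values match the ones mapped to roles. It assumes you have a copy of the ID token from the sign-in; the group names and the sample token are constructed. By default Azure AD emits group object IDs rather than display names, and replaces the list with a `_claim_names` pointer when the user is in too many groups.

```python
import base64
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def jwt_claims(token):
    """Decode the payload of a JWT WITHOUT verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def group_claim_report(claims, expected):
    """Compare the token's group claim with the values mapped to roles."""
    groups = claims.get("groups")
    if groups is None:
        # Azure AD replaces the list with a pointer when it is too large.
        overage = "groups" in claims.get("_claim_names", {})
        return {"status": "overage" if overage else "missing",
                "matched": [], "unmatched": sorted(expected)}
    if isinstance(groups, str):
        groups = [groups]
    matched = sorted(set(groups) & set(expected))
    return {
        "status": "ok" if matched else "no_match",
        "format": "object_id" if all(GUID.match(g) for g in groups) else "name",
        "matched": matched,
        "unmatched": sorted(set(expected) - set(groups)),
    }

def _make_token(claims):
    """Build an unsigned sample token (constructed test data)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample: the groups claim holds an object ID, while the role
# mapping (hypothetical names) was written with display names.
SAMPLE = _make_token({"preferred_username": "user@example.com",
                      "groups": ["11111111-2222-3333-4444-555555555555"]})

if __name__ == "__main__":
    print(group_claim_report(jwt_claims(SAMPLE), ["LibreNMS-Admins", "LibreNMS-Users"]))
```

A `missing` status means the token carries no group claim at all, while `no_match` with `object_id` format means the claim arrives but the role mapping is keyed on different values.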
