Azure AD Configuration
Log in to Azure Active Directory with a user who has the required administrative rights and follow the steps below to create a Kron PAM application for SAML SSO.

Enterprise Applications > New application > Create your own application

Give your app a name.

Go to the newly created Kron PAM application on Azure Portal. Choose Single sign-on under Manage on the left pane.

Click Edit for Basic SAML Configuration on Azure Portal.

Enter the information below according to the Kron PAM information. The IP address of the Kron PAM app will change according to your environment.

After making the above configurations, the Basic SAML Configuration tab can be closed.

Go to step 3 for SAML Certificates on Azure Portal. Download the Certificate (Base64) and open it via Notepad. Then copy it inside the Notepad. We will paste it to the SAML configuration on Kron PAM as SAML X509 Certf Key.

Go to Administration > System Configuration Manager > Integration > SAML Configuration. Do not close the SAML configuration popup on Kron PAM for further configurations.

Click the checkbox to enable SAML on the SAML configuration popup on Kron PAM.

Go to step 4 for Kron PAM configurations on Azure Portal. We will copy the above configurations from the Azure Portal and paste them as the SAML configuration on Kron PAM.

The Login URL from the Azure Portal will be pasted as the SAML Logout URL in the SAML configuration.

The Microsoft Entra ID Identifier from the Azure Portal will be pasted as SAML Entity ID in the SAML configuration. Do not close the SAML configuration popup on Kron PAM for further configurations.

Go to Properties under Manage on the left pane of the Azure Portal for configured applications. Copy the User access URL and paste it as the SAML URL in the Kron PAM SAML configuration.

On Kron PAM, enter the Kron PAM web URL (https://10.10.10.10/login) as the SAML Remote URL in the SAML configuration of Kron PAM.
Service provider name on the configuration popup in Kron PAM can be provided as requested (for example, Azure Entra).

To display service provider login on the login page, toggle “Enable Service Provider Login”.

At the end of the configuration, the Kron PAM screen below will be displayed.

After setting the required configurations, you need to edit tomcatcorsfilter in the Tomcat configuration. Connect to the Kron PAM server over SSH.

Open the web.xml file under the following directory: /pam/gui/conf

Find the tomcatcorsfilter part and add the Entra ID URL (https://login.microsoftonline.com), as shown below.

```xml
<filter-name>tomcatcorsfilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
  <param-name>cors.allowed.origins</param-name>
  <param-value>https://login.microsoftonline.com</param-value>
</init-param>
```

To test the SSO, go to the application on Azure and click Single sign-on on the left pane. Then go to step 5 on the Azure portal and click the Test button. A new right-side page will open to ask for the user who will log in to the application. If this user exists in the Kron PAM application, you will log in with no need for credentials.
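A check for the web.xml edit described above, as an added example that is not part of the Kron PAM documentation: it reads cors.allowed.origins from the CorsFilter and reports a missing Entra ID origin, a `*` wildcard, or an entry that is not a bare https origin. The sample XML, the function names and the extra https://10.10.10.10 entry are constructed for illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED_ORIGIN = "https://login.microsoftonline.com"  # Entra ID origin named on the page
CORS_CLASS = "org.apache.catalina.filters.CorsFilter"

# Constructed sample of the edited section (not a real Kron PAM web.xml).
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <filter>
    <filter-name>tomcatcorsfilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://10.10.10.10, https://login.microsoftonline.com</param-value>
    </init-param>
  </filter>
</web-app>"""

def local(tag):
    """Strip the XML namespace so any web.xml schema version matches."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or None."""
    return next(((c.text or "").strip() for c in elem if local(c.tag) == name), None)

def cors_allowed_origins(web_xml_text):
    """Origins configured on the CorsFilter, or None if the parameter is absent."""
    for flt in ET.fromstring(web_xml_text).iter():
        if local(flt.tag) == "filter" and child_text(flt, "filter-class") == CORS_CLASS:
            for p in flt:
                if local(p.tag) == "init-param" and child_text(p, "param-name") == "cors.allowed.origins":
                    value = child_text(p, "param-value") or ""
                    return [o.strip() for o in value.split(",") if o.strip()]
    return None

def audit(web_xml_text):
    """Return findings; an empty list means the edit matches the guide."""
    origins = cors_allowed_origins(web_xml_text)
    if origins is None:
        return ["cors.allowed.origins is not set on a CorsFilter"]
    findings = [] if REQUIRED_ORIGIN in origins else ["missing " + REQUIRED_ORIGIN]
    for o in origins:
        if o == "*":
            findings.append("wildcard origin '*' allows any site")
        elif not o.startswith("https://") or "/" in o[len("https://"):]:
            findings.append("not a bare https origin: " + o)
    return findings
```

To run it on the server, pass the contents of the web.xml file to `audit()`; a trailing slash on the origin is reported because it would not match the browser's Origin header.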