Azure AD Configuration
Log in to Azure Active Directory with a user who has the required administrative rights and follow the steps below to create a Kron PAM application for SAML SSO.

- Click Enterprise applications.
- Click New application.
- Click Create your own application.
- Give your app a name.
- Go to the newly created Kron PAM application on the Azure portal.
- On the left pane, choose Single sign-on under the Manage heading.
- Click Edit for Basic SAML Configuration on the Azure portal.
- Fill in the fields in accordance with the access information of your Kron PAM installation.

The IP address of the Kron PAM app will change according to your environment. These examples use the address 10.10.10.10 for convenience.

    Identifier (Entity ID): https://10.10.10.10/aioc-rest-web/servlet/saml/samlcheck
    Reply URL: https://10.10.10.10/aioc-rest-web/servlet/saml/samlrecipient
    Logout URL: https://10.10.10.10/aioc-rest-web/servlet/saml/samllogout

After making the above configurations, the Basic SAML Configuration tab can be closed.

- Go to step 3 for SAML Certificates on the Azure portal.
- Download the Certificate (Base64), open it with Notepad, and copy the entire text. We will paste it into the SAML configuration on Kron PAM as the SAML X509 Certf Key.
- In Kron PAM, go to Administration > System Configuration Manager > Integration > SAML Configuration.
- Keep the SAML Configuration modal on Kron PAM open for further configurations.
- Click the checkbox to enable SAML on the SAML Configuration popup on Kron PAM.
- Go to step 4 for the Kron PAM configurations on the Azure portal. We will copy the above configurations from the Azure portal and paste them as the SAML configuration on Kron PAM.
- The Login URL from the Azure portal will be pasted as the SAML Logout URL in the SAML configuration.
- The Microsoft Entra ID Identifier from the Azure portal will be pasted as the SAML Entity ID in the SAML configuration.
- Keep the SAML Configuration modal on Kron PAM open for further configurations.
- Go to Properties under Manage on the left pane of the Azure portal for configured applications.
- Copy the User access URL from the Azure portal and paste it as the SAML URL in the Kron PAM SAML configuration.
- On Kron PAM, enter the Kron PAM web URL (https://10.10.10.10/login) as the SAML Remote URL in the SAML configuration of Kron PAM.
- The Service Provider Name on the configuration popup in Kron PAM can be provided as requested (for example, Azure Entra).
- To display the service provider login on the login page, toggle "Enable Service Provider Login".

When all steps are complete, the SAML Configuration modal on Kron PAM should look similar to this.

After completing the required configurations, you need to edit tomcatcorsfilter in the Tomcat configuration.

- Connect to the Kron PAM server via SSH.
- Open the web.xml file under the following directory: /pam/gui/conf
- Find the tomcatcorsfilter filter and add the Entra ID URL under cors.allowed.origins:

    <filter-name>tomcatcorsfilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>https://login.microsoftonline.com</param-value>
    </init-param>

To test the SSO process:

- Go to the application on Azure and click Single sign-on on the left pane.
- Go to step 5 on the Azure portal and click the Test button.
- A page will open on the right side to ask for the user who will log in to the application. If this user exists in the Kron PAM application, you will log in with no further need for credentials.