Azure AD authentication?

Has anyone got Plone working with Azure ActiveDirectory (AD) authentication?

I am looking over the responses from

but hoping there is more recent information.

We have something that works with a customized version of pas.plugins.oidc · PyPI, but not yet completed/battle tested because Azure's implementation of OIDC does not appear to be fully adhering to the specification (srv_discovery_url: "https://login.microsoftonline.com/common/" does not work · Issue #520 · CZ-NIC/pyoidc · GitHub).

1 Like

One thing to keep in mind is that auth is sometimes only half of what you require. If you want to read (or write) user properties and sync groups etc., then most of the auth options don't give you that.
We looked into this recently and it appears that LDAP is no longer supported by Azure AD?
Instead they have their own non-standard REST API they call "Graph", which does similar things to what LDAP would give you (plus more). There is at least one adapter you can use that converts Graph into LDAP, so you could continue to use LDAP, but we put together a quote to create a new PAS plugin for Azure AD Graph since that adapter didn't support writing properties and this client wanted self-service user profiles. We aren't continuing with that work at the moment but are happy to talk to anyone who wants to give it a go.
BTW, if you want things like self-service user profiles and user search in Plone 6 Volto... it's not there. So that has yet to be built also.

2 Likes

I wrote this some time ago,
it worked for our purposes.

alessandro.

1 Like