Plone authentication against AzureAD/Office365 through OpenID?

Is anyone using Plone 5.2/Python 3 together with OpenID to authenticate against an OpenID provider like AzureAD/Office365? The canonical add-ons are plone.openid and plone.app.openid. However, they do not seem to be working with Plone 5.2/Python 3... any other suggestions?

AFAIK OpenID is kind of dead and has its successors. Anyway, I never tried it with OpenID, but pas.plugins.authomatic supports it because Authomatic supports it.

You mean the Plone OpenID implementation is dead. So pas.plugins.authomatic is what you mean?
I was not aware of this package. Thanks for the pointer.

I wrote it at the Bucharest conference for plone.org. It basically proxies all Authomatic features as a PAS plugin. I never tried OpenID, but the underlying Authomatic supports it. The latter is in kind of maintenance mode. I have commit permissions there, so if something is broken and you know how to fix it, a PR can be processed quickly.

Quick check: pas.plugins.authomatic seems to work in general on Plone 5.2 / Python 3. I tested it against GitHub... there is some issue that the user is not directly authenticated upon the first login action... needed to perform login twice.

Probably some bug, might be OpenID related.

AFAIK the old OpenID (e.g. GitHub - plone/plone.openid: Zope2 PAS Plugin for OpenID Authentication) and the new OpenID Connect on Azure are not the same technology (more info here: OpenID Connect FAQ and Q&As | OpenID). The new one is based on OAuth2. Some time ago I implemented an OpenID Connect provider for authomatic and I confirm that it could work, but not out of the box.

Another path could be GitHub - collective/collective.msal: Microsoft Azure Authentication as Plone PAS Plugin (not tested by me).
