Xdmod integration with Ondemand using openidc auth

I have xdmod authentication set to use saml2 to our Azure Ad auth services and ondemand is using openidc through CiLogon which also uses the Azure Ad auth services. I am not getting the xdmod widgets to show anything from the xdmod server even though I am logged into xdmod in a separate tab in my browser. I do have the frames-ancestors set to:

Header always set Content-Security-Policy “frame-ancestors https://*.psu.edu;”

This is generated from my ood-portal.yml file. There must be something I am missing here to get the connection from the ondemand server to the xdmod server.

I fixed the lines it the nginx_stage.yml file and now instead of NaN information I am getting an error stating.

TypeError: NetworkError when attempting to fetch resource. Please ensure you are logged into Open XDMoD first, and then try again.

When I click on the login link It goes to the xdmod server but I still do not get any information back in the widgets.

Hi, it seems you’ve found us on slack and maybe your Azure IDP needs to be set to:

frame-ancestors https://*.psu.edu 'self'

Happy to continue to work with you there - but I’ll update this ticket so other folks can find the resolution.

Yes I was going to update here as well. adding ‘self’ onto the frames-ancestors didn’t seem to do the trick.

Not seeing where I would set anything in the Azure AD portal for that. I can put a question in to them to see where that would go.

It may also help to see what the error is. Open your browsers dev tools and refresh the page. Navigate to the console tab and you should see some errors. (probably related to content security policies).

Yes I am getting a couple different errors:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rc-xdmod.2e.hpc.psu.edu/rest/v1/users/current. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I have set the domains variable in the CORS section of the xdmod server so I am not sure what that is and the other one is (one for each widget):

TypeError: NetworkError when attempting to fetch resource. dashboard:553:13
Welcome To The CILogon OpenID Connect Authorization Service

After working with xdmod people we found I need to install the Supremm module for xdmod in order to get the data that the Ondemand widgets are looking for.