Xdmod integration with Ondemand using openidc auth

rsand · September 9, 2022, 12:37pm

I have xdmod authentication set to use saml2 to our Azure Ad auth services and ondemand is using openidc through CiLogon which also uses the Azure Ad auth services. I am not getting the xdmod widgets to show anything from the xdmod server even though I am logged into xdmod in a separate tab in my browser. I do have the frames-ancestors set to:

Header always set Content-Security-Policy “frame-ancestors https://*.psu.edu;”

This is generated from my ood-portal.yml file. There must be something I am missing here to get the connection from the ondemand server to the xdmod server.

rsand · September 9, 2022, 2:24pm

I fixed the lines it the nginx_stage.yml file and now instead of NaN information I am getting an error stating.

TypeError: NetworkError when attempting to fetch resource. Please ensure you are logged into Open XDMoD first, and then try again.

When I click on the login link It goes to the xdmod server but I still do not get any information back in the widgets.

jeff.ohrstrom · September 9, 2022, 4:20pm

Hi, it seems you’ve found us on slack and maybe your Azure IDP needs to be set to:

frame-ancestors https://*.psu.edu 'self'

Happy to continue to work with you there - but I’ll update this ticket so other folks can find the resolution.

rsand · September 9, 2022, 4:31pm

Yes I was going to update here as well. adding ‘self’ onto the frames-ancestors didn’t seem to do the trick.

rsand · September 9, 2022, 4:33pm

Not seeing where I would set anything in the Azure AD portal for that. I can put a question in to them to see where that would go.

jeff.ohrstrom · September 9, 2022, 5:10pm

It may also help to see what the error is. Open your browsers dev tools and refresh the page. Navigate to the console tab and you should see some errors. (probably related to content security policies).

rsand · September 9, 2022, 5:18pm

Yes I am getting a couple different errors:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://rc-xdmod.2e.hpc.psu.edu/rest/v1/users/current. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

I have set the domains variable in the CORS section of the xdmod server so I am not sure what that is and the other one is (one for each widget):

TypeError: NetworkError when attempting to fetch resource. dashboard:553:13
Welcome To The CILogon OpenID Connect Authorization Service

rsand · September 9, 2022, 6:58pm

After working with xdmod people we found I need to install the Supremm module for xdmod in order to get the data that the Ondemand widgets are looking for.

system · March 8, 2023, 6:59pm

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ondemand 3.0.0 and Xdmod 10.0.2-2.0 integration problems Get Help	9	673	February 17, 2024
Did anyone have a success integrating XdMod and OnDemand? Get Help	8	334	September 23, 2024
Help configuring SAML Single Sign-on with Azure AD Get Help ondemand2 , question	4	326	June 20, 2023
OIDC Azure AD auth Config Get Help	4	1018	December 27, 2022
XDMoD Integration with Ondemand Get Help	3	324	February 27, 2023

Xdmod integration with Ondemand using openidc auth

Related topics