Using Azure AD OpenID Connect (OIDC) for Authentication

jspaleta · June 15, 2020, 9:56pm

@tribble3891
Ugh… i think Azure has broken the groups_claim array of strings expectation of OIDC in a subtle way
it looks like Azure isnt given us a clean array of strings.
technically its given us an array with a single string in it starting with oidc:[ and ending with ]
its like Azure is trying to wrap an array in an array, which it should be using a json hash.
Azure is doing this

  "groups": [
    "oidc:[\"70aed41c-93ef-4088-9fab-196d5d978c9e\",\"8a5d117e-bbbf-4706-ac17-81136e33d7bf\",\"608d8baf-b7d4-4fe1-a5d7-aac3b133d322\"]"
  ],

I would expect it to do this instead:

  "groups": ["70aed41c-93ef-4088-9fab-196d5d978c9e","8a5d117e-bbbf-4706-ac17-81136e33d7bf","608d8baf-b7d4-4fe1-a5d7-aac3b133d322"],

I’m not sure what to do here, what Azure is putting out right now for the groups attribute seems to break the groups_claim expectation.

Topic		Replies	Views
Issues implementing OIDC authentication with Okta Sensu Go	2	587	March 18, 2021
Problem Implementing OIDC with OKTA Sensu Go enterprise	0	989	January 8, 2020
Using uchiwa with OIDC Sensu Classic (EOL)	1	445	November 22, 2018
Sensu AD configuration Sensu Go	4	441	June 16, 2021
Anonymous bind when using Sensu-go ldap integration Sensu Go	4	784	May 1, 2019

Using Azure AD OpenID Connect (OIDC) for Authentication

Related topics