Using Azure AD OpenID Connect (OIDC) for Authentication

tribble3891 · June 16, 2020, 1:14pm

Hey

So i removed the groups_prefix and ran it and i see the below as the JWT:

{
  "exp": 1592295583,
  "jti": "e1425f1bdc04fcbf44623sce4ffa4d95",
  "sub": "oidc:username@domain.com",
  "groups": [
    "[\"70aed41c-93ef-4088-9fab-196d5d978c9e\",\"8a5d117e-bbbf-4706-ac17-81136e33d7bf\",\"608d8baf-b7d4-4fe1-a5d7-aac3b133d322\"]"
  ],
  "provider": {
    "provider_id": "AzureAD",
    "provider_type": "oidc",
    "user_id": "6JNSeREDSv1fJODWTf0L4uMrR4s3liNuyC4lP8WW_kY"
  },
  "api_key": false
}

that then showed the following in Sensu with no permissions being granted

It definitely seems to be passing it incorrectly - i can’t see any tunables to change that, what i thought about doing was just passing a seperate attribute and using that as the group_claim but i couldn’t get it in the right format.

All i can see in the application manifest is to set: “groupMembershipClaims”: “SecurityGroup” unfortunately but I may be missing something (its late in AU at the moment)

Topic		Replies	Views
Issues implementing OIDC authentication with Okta Sensu Go	2	587	March 18, 2021
Sensu AD configuration Sensu Go	4	441	June 16, 2021
Problem Implementing OIDC with OKTA Sensu Go enterprise	0	990	January 8, 2020
Sensuctl configure: unable to authenticate with error: Unauthorized Sensu Go	6	2095	August 17, 2020
Jef Practice: Troubleshooting LDAP and AD auth providers Sensu Go	0	878	June 16, 2020

Using Azure AD OpenID Connect (OIDC) for Authentication

Related topics