Hey
So I removed the groups_prefix and ran it, and I see the below as the JWT:
{
  "exp": 1592295583,
  "jti": "e1425f1bdc04fcbf44623sce4ffa4d95",
  "sub": "oidc:username@domain.com",
  "groups": [
    "[\"70aed41c-93ef-4088-9fab-196d5d978c9e\",\"8a5d117e-bbbf-4706-ac17-81136e33d7bf\",\"608d8baf-b7d4-4fe1-a5d7-aac3b133d322\"]"
  ],
  "provider": {
    "provider_id": "AzureAD",
    "provider_type": "oidc",
    "user_id": "6JNSeREDSv1fJODWTf0L4uMrR4s3liNuyC4lP8WW_kY"
  },
  "api_key": false
}
That then showed the following in Sensu, with no permissions being granted.
It definitely seems to be passing it incorrectly. I can't see any tunables to change that. What I thought about doing was just passing a separate attribute and using that as the group_claim, but I couldn't get it in the right format.
All I can see in the application manifest is to set "groupMembershipClaims": "SecurityGroup", unfortunately, but I may be missing something (it's late in AU at the moment).
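
An added example, not part of the original post and not Sensu's code: a small inspection helper that decodes a JWT payload and reports when an entry of the groups claim is itself a JSON-encoded array, as in the token above. The function names, the default claim name `groups` and the sample token are assumptions made for illustration; the token is constructed from the group IDs shown in the post and carries a placeholder signature.

```python
import base64
import json


def decode_payload(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying it (inspection only)."""
    payload_b64 = token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def inspect_groups(claims: dict, claim: str = "groups"):
    """Return (flattened_groups, findings) for the given group claim."""
    value = claims.get(claim)
    if value is None:
        return [], [f"claim '{claim}' is missing"]
    findings = []
    if isinstance(value, str):
        findings.append("claim is a single string, not an array")
        value = [value]
    groups = []
    for i, entry in enumerate(value):
        if not isinstance(entry, str):
            findings.append(f"entry {i} is not a string")
            continue
        try:
            inner = json.loads(entry)  # a plain group ID is not valid JSON
        except ValueError:
            inner = None
        if isinstance(inner, list) and all(isinstance(g, str) for g in inner):
            findings.append(f"entry {i} is a JSON-encoded array of {len(inner)} groups")
            groups.extend(inner)
        else:
            groups.append(entry)
    return groups, findings


def _b64url(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed token: group IDs copied from the post, placeholder signature.
IDS = ["70aed41c-93ef-4088-9fab-196d5d978c9e",
       "8a5d117e-bbbf-4706-ac17-81136e33d7bf",
       "608d8baf-b7d4-4fe1-a5d7-aac3b133d322"]
SAMPLE = ".".join([_b64url({"alg": "none"}),
                   _b64url({"sub": "oidc:username@domain.com", "groups": [json.dumps(IDS)]}),
                   "sig"])

if __name__ == "__main__":
    print(inspect_groups(decode_payload(SAMPLE)))
```

The helper skips signature verification on purpose, so its output is only a diagnostic view of the claim shape and must not be used for authorization decisions.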