I am currently facing challenges while configuring HashiCorp Vault to authenticate via OpenID Connect (OIDC) through a proxy that interfaces with Azure Active Directory (AAD). The proxy exposes the discovery URL, and Vault communicates with it using OIDC. However, after exchanging the authorization code for a token, Vault returns the following error in the Vault UI:
Vault login failed. Error exchanging oidc code: "Provider.Exchange: id_token failed verification: Provider.VerifyIDToken: invalid id_token: oidc: id token issued by a different provider, expected \"http://{proxy_ip}:443\" got \"/{tenant-id}/v2.0\": invalid issuer".
Modifying the issuer in the discovery URL to match the token's actual issuer leads to another error:
error checking oidc discovery URL: error="error creating provider with given values: NewProvider: unable to create provider: oidc: issuer did not match the issuer returned by provider, expected \"http://{proxy_ip}\" got \"/{tenant-id}/v2.0\"".
I am using Vault version 1.19.0 (7eeafb6160d60ede73c1d95566b0c8ea54f3cb5a), running in development mode locally.
Has anyone encountered similar issues when configuring Vault with a proxy for Azure AD authentication? Any insights or recommendations would be greatly appreciated.
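
The two errors quoted above correspond to two separate exact-match issuer comparisons: the configured discovery URL against the discovery document's `issuer` field, and the same URL against the id_token's `iss` claim. The following is an added example, not code from the original post or from Vault; the function names are hypothetical and the hostnames are constructed placeholders. It replays both comparisons for the two situations the question describes.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// field reads one string member ("issuer" or "iss") from a JSON object.
func field(raw []byte, name string) string {
	var obj map[string]interface{}
	if json.Unmarshal(raw, &obj) != nil {
		return ""
	}
	s, _ := obj[name].(string)
	return s
}

// Diagnose replays the two exact-match issuer comparisons against the
// configured discovery URL. Claims are only decoded, not signature-verified.
func Diagnose(configured string, discovery []byte, idToken string) (discoveryOK, tokenOK bool, report string) {
	docIss := field(discovery, "issuer")
	tokIss := ""
	if parts := strings.Split(idToken, "."); len(parts) == 3 {
		payload, _ := base64.RawURLEncoding.DecodeString(parts[1])
		tokIss = field(payload, "iss")
	}
	discoveryOK, tokenOK = docIss == configured, tokIss == configured
	report = fmt.Sprintf("configured=%q discovery.issuer=%q (match=%t) id_token.iss=%q (match=%t)",
		configured, docIss, discoveryOK, tokIss, tokenOK)
	return
}

// SampleToken builds an unsigned, constructed JWT carrying only an iss claim.
func SampleToken(iss string) string {
	enc := base64.RawURLEncoding.EncodeToString
	body, _ := json.Marshal(map[string]string{"iss": iss})
	return enc([]byte(`{"alg":"none"}`)) + "." + enc(body) + "."
}

func main() {
	// Constructed placeholder hosts (assumptions), not values from the question.
	proxy, upstream := "https://proxy.example", "https://idp.example/TENANT_PLACEHOLDER/v2.0"
	for _, docIss := range []string{proxy, upstream} { // proxy-rewritten vs. upstream issuer
		doc, _ := json.Marshal(map[string]string{"issuer": docIss})
		_, _, r := Diagnose(proxy, doc, SampleToken(upstream))
		fmt.Println(r)
	}
}
```

Feeding it the proxy's actual discovery document and a captured id_token shows which of the two values does not match the configured URL.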