SSO with Azure fails with: AADSTS700016: Application with identifier 'None' #1360
Unanswered
papanito
asked this question in
Getting Help
Replies: 1 comment 1 reply
-
|
Ok following up on this the credential should be in a file e-g- Does the file name matter? I updated the external secrets as follows apiVersion: external-secrets.io/v1beta1
kind: ExternalSecret #gitleaks:allow
metadata:
name: netbox-sso
namespace: netbox
labels:
swisscard.ch/ea-app-id: "812"
spec:
data:
- remoteRef:
key: netbox-uat-sso-auth-key
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
secretKey: key
- remoteRef:
key: netbox-uat-sso-auth-secret
conversionStrategy: Default
decodingStrategy: None
metadataPolicy: None
secretKey: secret
secretStoreRef:
kind: SecretStore
name: secret-store-kv-netsec
target:
name: netbox-sso
creationPolicy: Owner
deletionPolicy: Retain
template:
type: Opaque
data:
oidc-azuread.yaml: |
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY: "{{ .key }}"
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET: "{{ .secret }}"Which now shows |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
My current workaround is not to use And then map it with extraVolumes:
- name: netbox-sso-azuread
secret:
secretName: netbox-sso-azuread
items:
- key: extra-1.yaml
path: extra-1.yaml
extraVolumeMounts:
- name: netbox-sso-azuread
mountPath: "/run/config/extra/1/extra-1.yaml"
readOnly: true
subPath: extra-1.yaml |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Following this topic I face a similar issue.
Problem
When clicking on "Microsoft Entra ID" on the login mask in netbox, and then entering the credentials in the page
https://login.microsoftonline.com/which was opened by netbox, we get the following error:Configuration
We deploy netbox in kubernetes using the helm chart. According to the following guidelines we he have the following setup:
values.yaml
netbox-sso.yaml
This is the secret referenced in the
extraConfigChecks
I can confirm that the
extraConfigis written to the respective config map:$ kubectl get cm netbox -oyaml ... extra-1.yaml: |- SOCIAL_AUTH_PIPELINE: - social_core.pipeline.social_auth.social_details - social_core.pipeline.social_auth.social_uid - social_core.pipeline.social_auth.social_user - social_core.pipeline.user.get_username - social_core.pipeline.social_auth.associate_by_email - social_core.pipeline.user.create_user - social_core.pipeline.social_auth.associate_user - netbox.authentication.user_default_groups_handler - social_core.pipeline.social_auth.load_extra_data - social_core.pipeline.user.user_details - netbox.sso_pipeline_roles.set_role ...The config is mapped
... volumeMounts: - mountPath: /run/config/extra/0 name: extra-config-0 readOnly: true - mountPath: /run/config/extra/1 name: extra-config-1 readOnly: true ... volumes: - configMap: defaultMode: 420 name: netbox name: config .... - name: extra-config-0 secret: defaultMode: 420 secretName: netbox-sso - configMap: defaultMode: 420 items: - key: extra-1.yaml path: extra-1.yaml name: netbox name: extra-config-1 ....The content of these files is what I expect.
Related discussion or issues
Beta Was this translation helpful? Give feedback.
All reactions