Comments (4)
Hello @bppn,
it is really hard to analyze the issue.
Is it the whole auth config you are using?
One of the issues could be that you are using the common endpoint rather than the tenant-specific endpoint.
Can you check that?
from luigi.
Hello @JohannesDoberer,
In order to use Azure Active Directory in a multi-tenant setup, the common endpoint is required:
The issuer will be the tenant that the end-user authenticates to.
A normal setup would be to either allow all issuers or have a curated list of issuers that are allowed (most of the time dynamically by a DB lookup).
I do not see any option in Luigi to properly set up issuer validation out of the box.
from luigi.
Hello @bppn,
if you are using our OpenID Connect plugin you can add the issuer validation to the settings.
So if you are using the OpenID Connect plugin, please take a look at how it is done for oidc-client-js.
We just pass the settings to the oidc-client-js lib.
Something like that should help:
```javascript
ad: {
  idpProvider: OpenIdConnect,
  authority: 'https://login.microsoftonline.com/common/v2.0',
  logoutUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/logout',
  scope: 'openid profile email',
  // for PKCE flow
  client_id: 'xxxxxxxx', // example oidc-mockserver client id
  response_type: "code", // for PKCE
  response_mode: "fragment", // change between `query` and `fragment`
  // static provider metadata, passed through to oidc-client-js
  metadata: {
    issuer: 'YOUR_VALUE',
    authorization_endpoint: 'YOUR_VALUE',
    userinfo_endpoint: 'YOUR_VALUE',
    end_session_endpoint: 'YOUR_VALUE',
    jwks_uri: 'YOUR_VALUE'
  }
}
```
If you are not using our plugin, it is also possible to add a custom authorization provider.
from luigi.
OK, thanks for the feedback.
Since issuer can be any value in case of multi-tenant auth, the oidc client doesn't seem a matching option.
I will take a look into the custom provider.
from luigi.
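The issuer handling discussed in this thread for the multi-tenant `common` endpoint, as an added example that is not part of the original comments and is not Luigi or oidc-client-js code: the `iss` claim is checked against the token's own `tid` claim, then against either a curated tenant list or "allow all". It assumes the Azure AD v2.0 issuer format `https://login.microsoftonline.com/{tenantid}/v2.0` and that the token signature has already been verified; the function names, the in-memory `Set` standing in for a DB lookup, and the tenant GUIDs are constructed for illustration.

```javascript
// Added example (not Luigi or oidc-client-js code). Assumes the token signature was
// already verified against the jwks_uri keys; this only covers the issuer decision.
const ISSUER_TEMPLATE = 'https://login.microsoftonline.com/{tenantid}/v2.0';
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Decode the payload of a compact JWT; Node's 'base64' decoder accepts base64url.
function decodePayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// allowedTenants: Set of tenant GUIDs (curated list), or null to allow all issuers.
function validateIssuer(claims, allowedTenants) {
  const tid = typeof claims.tid === 'string' ? claims.tid : '';
  if (!GUID.test(tid)) return { ok: false, reason: 'missing or malformed tid' };
  // The issuer must be the template filled with the token's own tenant id.
  if (claims.iss !== ISSUER_TEMPLATE.replace('{tenantid}', tid)) {
    return { ok: false, reason: 'iss does not match tid' };
  }
  if (allowedTenants && !allowedTenants.has(tid)) {
    return { ok: false, reason: 'tenant not allowed' };
  }
  return { ok: true, tenant: tid };
}

function checkToken(jwt, allowedTenants) {
  return validateIssuer(decodePayload(jwt), allowedTenants);
}

// Constructed sample data: unsigned tokens with made-up tenant GUIDs.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleToken = (iss, tid) =>
  [b64url({ alg: 'RS256', typ: 'JWT' }), b64url({ iss, tid }), 'sig'].join('.');
const TENANT_A = '11111111-1111-4111-8111-111111111111';
const TENANT_B = '22222222-2222-4222-8222-222222222222';
const issuerOf = (tid) => `https://login.microsoftonline.com/${tid}/v2.0`;
const curated = new Set([TENANT_A]);

console.log(checkToken(sampleToken(issuerOf(TENANT_A), TENANT_A), curated)); // listed tenant
console.log(checkToken(sampleToken(issuerOf(TENANT_B), TENANT_B), curated)); // unlisted tenant
console.log(checkToken(sampleToken(issuerOf(TENANT_A), TENANT_B), curated)); // iss/tid mismatch
console.log(checkToken(sampleToken(issuerOf(TENANT_B), TENANT_B), null));    // allow all issuers
```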