Just like in title if you could provide me with instructions how to configure auth: section in Okteko config file and, a service principle on Azure side it self. So far with configuration below I got “Service unavailable error” although all pods are working.
auth:
openid:
enabled: true
clientId: 246d00c0-2b7c-41f5-a943-986480981e9e
clientSecret: ???
endpoints:
issuer: https://login.microsoftonline.com/100b3c99-f3e2-4da0-9c8a-b9d345742c36
authorization: Sign in to your account
Hey there,
When I was setting this up and getting the auth online the main issues were the endpoint and endpoint.mapping entries
endpoints:
issuer: https://sts.windows.net/<YOUR_TENENT_ID>/
authorization: https://login.microsoftonline.com/<YOUR_TENENT_ID>/oauth2/v2.0/authorize
mapping:
externalIDKey: email
For a complete config based on one of our sample domains ‘picoserver.io’ :
email: <YOUR_EMAIL_ADDRESS>
subdomain: dev.<YOUR_DNS_ZONE>
cluster:
endpoint: "https://<YOUR_CLUSTER_ADDRESS>:443"
auth:
openid:
enabled: true
clientId: <YOUR_CLIENT_ID>
clientSecret: <YOUR_CLIENT_SECRET>
endpoints:
issuer: https://sts.windows.net/<YOUR_TENENT_ID>/
authorization: https://login.microsoftonline.com/<YOUR_TENENT_ID>/oauth2/v2.0/authorize
mapping:
externalIDKey: email
cloud:
provider:
azure:
enabled: true
storage:
container: "<YOUR_CONTAINER_NAME>"
accountName: "<YOUR_STORAGE_ACCOUNT_NAME>"
buildkit:
ingress:
enabled: false
service:
type: LoadBalancer
The tenant Id is labeled “Directory (tenant) ID” and auth.clientId is labeled “Application (client) ID” from the “App registrations” page:
The auth.clientSecret is the “Value” from the “Certificates & secrets” tab of the “App registrations” page:
Could you also share the Authentication blade for App registration ? Platform configuration (WEB or SPA), Redirect uris and which tokens to use (Access tokens or ID tokens ). ?
