danhuawang opened a new issue, #9868: URL: https://github.com/apache/gravitino/issues/9868
### Version main branch ### Describe what's wrong Configure Gravitino with Azure AD, failed to login. I check the doc https://gravitino.apache.org/docs/1.1.0/security/how-to-authenticate#example-azure-ad-as-oidc-provider-with-jwks-validation . It use `v2.0` endpoint. But the browser seams request to `v1.0`. <img width="1498" height="891" alt="Image" src="https://github.com/user-attachments/assets/42116ee3-9a21-4c2e-8ee5-82ef7243a2cd"; /> <img width="1499" height="898" alt="Image" src="https://github.com/user-attachments/assets/c4a136be-e08d-409a-bf97-b5901a2ddc33"; /> ### Error message and/or stacktrace See above ### How to reproduce 1. Gravitino verison info: ``` {"code":0,"version":{"version":"1.1.0","compileDate":"12/12/2025 12:38:33","gitCommit":"5a6b5ae772d50aff98878ae3659fba3598a9027f"}} ``` 2. Configure Gravitino with Azure AD, failed to login. `gravitino.conf` file relevant configuration as following: ``` # Enable OAuth authentication gravitino.authenticators = oauth # OIDC Provider Configuration for Web UI gravitino.authenticator.oauth.provider = oidc gravitino.authenticator.oauth.clientId = 7eeeafb6-ac8c-413c-9060-5d459696**** gravitino.authenticator.oauth.authority = https://login.microsoftonline.com/a2ba5595-4781-4fbc-b2ae-ba12ac36**** gravitino.authenticator.oauth.scope = openid profile email # JWKS-based Token Validation gravitino.authenticator.oauth.jwksUri = https://login.microsoftonline.com/a2ba5595-4781-4fbc-b2ae-ba12ac36****/discovery/v2.0/keys gravitino.authenticator.oauth.tokenValidatorClass = org.apache.gravitino.server.authentication.JwksTokenValidator gravitino.authenticator.oauth.serviceAudience = 7eeeafb6-ac8c-413c-9060-5d459696**** gravitino.authenticator.oauth.principalFields = preferred_username,email,sub ``` ### Additional context _No response_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
