Thank you Larry I'll keep your experience as a precious reference ; I assume you're using OpenShift -> LDAP -> AD because you don't have OpenShift -> OpenID Connect -> AD like me
in my IT environment all the applications use OpenID Connect to authenticate our users and I preferably should authenticate in that way, therefore I need to understand how to debug the OpenShift -> OpenID Connect -> AD pipeline is there some tool to simulate the OpenID Connect authentication ? Just found this [@] I hope somebody from Red Hat can give me some insights, maybe it's just matter of raising some debug level. Thanks, Fabio [@] https://github.com/curityio/example-python-openid-connect-client On 28 March 2018 at 02:02, Brigman, Larry <[email protected]> wrote: > I configure one of our clusters to use LDAP against our AD. > Here is my line from the inventory (obsucated) but handling both local and > LDAP: > openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': > 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', > 'filename': '/etc/origin/master/htpasswd'},{'name': 'ldap', 'challenge': > 'true', 'login': 'true', 'mappingMethod': 'claim', 'kind': > 'LDAPPasswordIdentityProvider', 'attributes': {'id': ['dn'], 'email': > ['mail'], 'name': ['cn'], 'preferredUsername': ['sAMAccountName']}, > 'bindDN': '[email protected]', 'bindPassword': 'XXXXXXX', > 'insecure': 'true', 'url': 'ldap://ldap.example.com:389/ > dc=sub,dc=example,dc=com?sAMAccountName'}] > > This is a give a good reference of how to configure/test things. > https://github.com/redhat-cop/openshift-playbooks/blob/ > master/playbooks/installation/ldap_integration.adoc > > -----Original Message----- > From: [email protected] [mailto: > [email protected]] On Behalf Of fabio martinelli > Sent: Monday, March 26, 2018 2:26 PM > To: users <[email protected]> > Subject: How to debug the openid auth plugin ? > > Dear OpenShift Colleagues > > I can't get working the OpenID Auth plugin [$], not necessarily because > that's broken Origin side since it's involved also the AD layer where I'm > not root [%] ; furthermore I don't have very much experience with OpenID. > > I believe I've slavishly followed the manual [$] and I've selected as the > mappingMethod the option "lookup" since I don't want any automatic login > from our AD at this stage. > > This is my failed login attempt by oc : > ################################################ > $ oc login --loglevel=10 > I0326 22:58:26.698146 38291 loader.go:357] Config loaded from file > /Users/f_martinelli/.kube/config > I0326 22:58:26.701628 38291 round_trippers.go:386] curl -k -v -XHEAD > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%3A443%2F&data=01%7C01%7Clarry. > brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata=m0bOfRtQnQ5QE8ntZo% > 2BaGSmV1OwfYrThXluGDNTenb0%3D&reserved=0 > I0326 22:58:26.922676 38291 round_trippers.go:405] HEAD > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%3A443%2F&data=01%7C01%7Clarry. > brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata=m0bOfRtQnQ5QE8ntZo% > 2BaGSmV1OwfYrThXluGDNTenb0%3D&reserved=0 403 Forbidden in 220 milliseconds > I0326 22:58:26.922709 38291 round_trippers.go:411] Response Headers: > I0326 22:58:26.922720 38291 round_trippers.go:414] Vary: > Accept-Encoding > I0326 22:58:26.922729 38291 round_trippers.go:414] > X-Content-Type-Options: nosniff > I0326 22:58:26.922738 38291 round_trippers.go:414] Date: Mon, 26 Mar > 2018 20:58:26 GMT > I0326 22:58:26.922747 38291 round_trippers.go:414] Content-Type: > text/plain > I0326 22:58:26.922756 38291 round_trippers.go:414] Connection: > keep-alive > I0326 22:58:26.922765 38291 round_trippers.go:414] Server: nginx > I0326 22:58:26.922774 38291 round_trippers.go:414] Content-Length: 90 > I0326 22:58:26.922782 38291 round_trippers.go:414] Cache-Control: > no-store > I0326 22:58:26.922889 38291 round_trippers.go:386] curl -k -v -XGET -H > "X-Csrf-Token: 1" > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%3A443%2F.well-known%2Foauth- > authorization-server&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=eM9%2Bsrj6GMSd524K6RaF7%2FqNnxsWIi6Cqr2A6O58pYM%3D& > reserved=0 > I0326 22:58:26.965442 38291 round_trippers.go:405] GET > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%3A443%2F.well-known%2Foauth- > authorization-server&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=eM9%2Bsrj6GMSd524K6RaF7%2FqNnxsWIi6Cqr2A6O58pYM%3D& > reserved=0 200 OK in 42 milliseconds > I0326 22:58:26.965686 38291 round_trippers.go:411] Response Headers: > I0326 22:58:26.966184 38291 round_trippers.go:414] Server: nginx > I0326 22:58:26.966199 38291 round_trippers.go:414] Date: Mon, 26 Mar > 2018 20:58:26 GMT > I0326 22:58:26.966210 38291 round_trippers.go:414] Content-Type: > application/json > I0326 22:58:26.966529 38291 round_trippers.go:414] Connection: > keep-alive > I0326 22:58:26.966557 38291 round_trippers.go:414] Vary: > Accept-Encoding > I0326 22:58:26.966572 38291 round_trippers.go:414] Cache-Control: > no-store > I0326 22:58:26.968573 38291 round_trippers.go:386] curl -k -v -XGET -H > "X-Csrf-Token: 1" > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%2Foauth%2Fauthorize%3Fclient_ > id%3Dopenshift-challenging-client%26code_challenge%3DkJm9R5VPybDF9QjG- > t9EhOAw0CCcLpiVQ2pXxmME08w%26code_challenge_method% > 3DS256%26redirect_uri%3Dhttps%253A%252F%252Fhosting.wfp.org% > 252Foauth%252Ftoken%252Fimplicit%26response_type% > 3Dcode&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=OiEF%2FOejV4j7o7B8vMcXSO3x52XrfqMEGLEgrJJywVY%3D&reserved=0 > I0326 22:58:27.002233 38291 round_trippers.go:405] GET > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%2Foauth%2Fauthorize%3Fclient_ > id%3Dopenshift-challenging-client%26code_challenge%3DkJm9R5VPybDF9QjG- > t9EhOAw0CCcLpiVQ2pXxmME08w%26code_challenge_method% > 3DS256%26redirect_uri%3Dhttps%253A%252F%252Fhosting.wfp.org% > 252Foauth%252Ftoken%252Fimplicit%26response_type% > 3Dcode&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=OiEF%2FOejV4j7o7B8vMcXSO3x52XrfqMEGLEgrJJywVY%3D&reserved=0 > 401 Unauthorized in 33 milliseconds > I0326 22:58:27.002305 38291 round_trippers.go:411] Response Headers: > I0326 22:58:27.002333 38291 round_trippers.go:414] Connection: > keep-alive > I0326 22:58:27.002343 38291 round_trippers.go:414] Www-Authenticate: > Basic realm="openshift" > I0326 22:58:27.002352 38291 round_trippers.go:414] Server: nginx > I0326 22:58:27.002361 38291 round_trippers.go:414] Date: Mon, 26 Mar > 2018 20:58:26 GMT > I0326 22:58:27.002370 38291 round_trippers.go:414] Content-Type: > text/plain; charset=utf-8 > I0326 22:58:27.002379 38291 round_trippers.go:414] Content-Length: 0 > Authentication required for https://na01.safelinks. > protection.outlook.com/?url=https%3A%2F%2Fhosting.wfp.org% > 3A443&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=dwG7mvp5WfF%2BRSuOK9WAjkeDfqDBpTEd% > 2BuFmprBOYi8%3D&reserved=0 (openshift) > Username: MYUSERNAME > Password: MYPASSWORD > I0326 22:58:32.977080 38291 round_trippers.go:386] curl -k -v -XGET -H > "Authorization: Basic ZmFiaW8ubWFydGluZWxsaTo=" -H "X-Csrf-Token: 1" > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%2Foauth%2Fauthorize%3Fclient_ > id%3Dopenshift-challenging-client%26code_challenge%3DkJm9R5VPybDF9QjG- > t9EhOAw0CCcLpiVQ2pXxmME08w%26code_challenge_method% > 3DS256%26redirect_uri%3Dhttps%253A%252F%252Fhosting.wfp.org% > 252Foauth%252Ftoken%252Fimplicit%26response_type% > 3Dcode&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=OiEF%2FOejV4j7o7B8vMcXSO3x52XrfqMEGLEgrJJywVY%3D&reserved=0 > I0326 22:58:33.018514 38291 round_trippers.go:405] GET > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fhosting.wfp.org%2Foauth%2Fauthorize%3Fclient_ > id%3Dopenshift-challenging-client%26code_challenge%3DkJm9R5VPybDF9QjG- > t9EhOAw0CCcLpiVQ2pXxmME08w%26code_challenge_method% > 3DS256%26redirect_uri%3Dhttps%253A%252F%252Fhosting.wfp.org% > 252Foauth%252Ftoken%252Fimplicit%26response_type% > 3Dcode&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=OiEF%2FOejV4j7o7B8vMcXSO3x52XrfqMEGLEgrJJywVY%3D&reserved=0 > 500 Internal Server Error in 41 milliseconds > I0326 22:58:33.018570 38291 round_trippers.go:411] Response Headers: > I0326 22:58:33.018584 38291 round_trippers.go:414] Server: nginx > I0326 22:58:33.018595 38291 round_trippers.go:414] Date: Mon, 26 Mar > 2018 20:58:32 GMT > I0326 22:58:33.018603 38291 round_trippers.go:414] Content-Type: > text/plain; charset=utf-8 > I0326 22:58:33.018611 38291 round_trippers.go:414] Content-Length: 100 > I0326 22:58:33.018621 38291 round_trippers.go:414] Connection: > keep-alive > error: Internal error occurred: unexpected response: 500 - verify you have > provided the correct host and port and that the server is currently running. > I0326 22:58:33.019129 38291 helpers.go:206] server response object: [{ > "metadata": {}, > "status": "Failure", > "message": "Internal error occurred: unexpected response: 500", > "reason": "InternalError", > "details": { > "causes": [ > { > "message": "unexpected response: 500" > } > ] > }, > "code": 500 > }] > F0326 22:58:33.019164 38291 helpers.go:120] Error from server > (InternalError): Internal error occurred: unexpected response: 500 > ################################################ > > as you can see nginx is running in front of the OpenShift WebConsole but > when I use the httpasswd auth plugin this is completely transparent. > > OpenShift side logs; AD is running on https://na01.safelinks. > protection.outlook.com/?url=https%3A%2F%2Ffs.auth.wfp.org& > data=01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d59360 > 47ca%7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > nz8yplH3KC4QmHePg9WCGV0Pp3i0%2BBeHEer%2F0MahNhY%3D&reserved=0 : > ################################################ > Mar 26 22:59:14 wfpromshap22 journal: I0326 20:59:14.505682 1 > wrap.go:42] GET > /apis/oauth.openshift.io/v1/oauthclients/openshift-web-console: > (1.873926ms) 200 [[openshift/v1.7.6+a08f5eeb62 (linux/amd64) > kubernetes/c84beff] 127.0.0.1:34518] Mar 26 22:59:14 wfpromshap22 > origin-master-api: I0326 > 20:59:14.505682 1 wrap.go:42] GET > /apis/oauth.openshift.io/v1/oauthclients/openshift-web-console: > (1.873926ms) 200 [[openshift/v1.7.6+a08f5eeb62 (linux/amd64) > kubernetes/c84beff] 127.0.0.1:34518] Mar 26 22:59:14 wfpromshap22 > origin-master-api: I0326 > 20:59:14.506054 1 handler.go:66] Authentication needed for > &{{my_openid_connect 0xf28d5e0 {5b176f53-e0cb-410a-ad7c-5a6f60b4c38e > bsJyJ3VNfReAj7sq1L785Yh2cPcImlFcTcY18HbR [openid] map[] > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Foauth2%2Fauthorize& > data=01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d59360 > 47ca%7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > fluqWSOb44Jizy2E4NFKjYBUy5yD9wJRP49UN%2BFNayg%3D&reserved=0 > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Foauth2%2Ftoken&data= > 01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > dLe3GkOcex9VUfGqhINLxEGZRqK3Xi1TxUQG%2FNBDy%2FQ%3D&reserved=0 > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Fuserinfo&data=01% > 7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata=4Ao5slkTaL4zkCSLr8odjfd% > 2FTTCMm5P6HxOFug3HP6s%3D&reserved=0 [sub] [preferred_username] [email] > [name] <nil>}} 0xc4217c20f0 0xc421777400 0xc4216ab950 [0xc4217c70e0 > 0xc4217c20f0] [0xc4217c2090 0xc4217c20f0] 0xc42175d840} Mar 26 22:59:14 > wfpromshap22 origin-master-api: I0326 > 20:59:14.506131 1 handler.go:78] redirect to > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Foauth2%2Fauthorize% > 3Fclient_id%3D5b176f53-e0cb-410a-ad7c-5a6f60b4c38e% > 26redirect_uri%3Dhttps%253A%252F%252Fhosting.wfp.org% > 252Foauth2callback%252Fmy_openid_connect%26response_ > type%3Dcode%26scope%3Dopenid%26state%3DY3NyZj1kMjIyNWJjMC0zMTBkLTEx > ZTgtYjlhZi0wMDUwNTZhNjZmNGImdGhlbj0lMkZvYXV0aCUyRmF1dGhvcml6 > ZSUzRmNsaWVudF9pZCUzRG9wZW5zaGlmdC13ZWItY29uc29sZSUyNnJlc3Bv > bnNlX3R5cGUlM0Rjb2RlJTI2c3RhdGUlM0RleUowYUdWdUlqb2lMeUlzSW01 > dmJtTmxJam9pTVRVeU1qQTVOemsxTlRFek9TMHpPRFV6T1RFNU5qWXhNelU0 > T1RJMk9UYzVNekkyTmpJeU5UTXdOVGt4TkRJek5qazROVFkwTVRNNE5UZzVP > VGM0TWpNek1qWXhNekF4TnpjeU5Ea3dOVE0xTVRFeU9EVTNNVEEwTWpjNElu > MCUyNnJlZGlyZWN0X3VyaSUzRGh0dHBzJTI1M0ElMjUyRiUyNTJGaG9zdGlu > Zy53ZnAub3JnJTI1MkZjb25zb2xlJTI1MkZvYXV0aA%253D%253D&data= > 01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > ElOhGMnnYeGcvXH8SxAZyBkS70GWXR1%2BfZHjujEbcdI%3D&reserved=0 > Mar 26 22:59:14 wfpromshap22 origin-master-api: I0326 > 20:59:14.506185 1 wrap.go:42] GET > /oauth/authorize?client_id=openshift-web-console&response_type=code&state= > eyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyMjA5Nzk1NTEzOS0zODUzOTE5NjYx > MzU4OTI2OTc5MzI2NjIyNTMwNTkxNDIzNjk4NTY0MTM4NTg5OTc4MjMzMjYx > MzAxNzcyNDkwNTM1MTEyODU3MTA0Mjc4In0&redirect_uri=https%3A%2F% > 2Fhosting.wfp.org%2Fconsole%2Foauth: > (2.865321ms) 302 [[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36] > 10.11.40.34:34290] Mar 26 22:59:14 wfpromshap22 journal: I0326 > 20:59:14.506054 1 handler.go:66] Authentication needed for > &{{my_openid_connect 0xf28d5e0 {5b176f53-e0cb-410a-ad7c-5a6f60b4c38e > bsJyJ3VNfReAj7sq1L785Yh2cPcImlFcTcY18HbR [openid] map[] > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Foauth2%2Fauthorize& > data=01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d59360 > 47ca%7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > fluqWSOb44Jizy2E4NFKjYBUy5yD9wJRP49UN%2BFNayg%3D&reserved=0 > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Foauth2%2Ftoken&data= > 01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > dLe3GkOcex9VUfGqhINLxEGZRqK3Xi1TxUQG%2FNBDy%2FQ%3D&reserved=0 > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Fuserinfo&data=01% > 7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata=4Ao5slkTaL4zkCSLr8odjfd% > 2FTTCMm5P6HxOFug3HP6s%3D&reserved=0 [sub] [preferred_username] [email] > [name] <nil>}} 0xc4217c20f0 0xc421777400 0xc4216ab950 [0xc4217c70e0 > 0xc4217c20f0] [0xc4217c2090 0xc4217c20f0] 0xc42175d840} Mar 26 22:59:14 > wfpromshap22 journal: I0326 20:59:14.506131 1 handler.go:78] redirect > to > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Ffs.auth.wfp.org%2Fadfs%2Foauth2%2Fauthorize% > 3Fclient_id%3D5b176f53-e0cb-410a-ad7c-5a6f60b4c38e% > 26redirect_uri%3Dhttps%253A%252F%252Fhosting.wfp.org% > 252Foauth2callback%252Fmy_openid_connect%26response_ > type%3Dcode%26scope%3Dopenid%26state%3DY3NyZj1kMjIyNWJjMC0zMTBkLTEx > ZTgtYjlhZi0wMDUwNTZhNjZmNGImdGhlbj0lMkZvYXV0aCUyRmF1dGhvcml6 > ZSUzRmNsaWVudF9pZCUzRG9wZW5zaGlmdC13ZWItY29uc29sZSUyNnJlc3Bv > bnNlX3R5cGUlM0Rjb2RlJTI2c3RhdGUlM0RleUowYUdWdUlqb2lMeUlzSW01 > dmJtTmxJam9pTVRVeU1qQTVOemsxTlRFek9TMHpPRFV6T1RFNU5qWXhNelU0 > T1RJMk9UYzVNekkyTmpJeU5UTXdOVGt4TkRJek5qazROVFkwTVRNNE5UZzVP > VGM0TWpNek1qWXhNekF4TnpjeU5Ea3dOVE0xTVRFeU9EVTNNVEEwTWpjNElu > MCUyNnJlZGlyZWN0X3VyaSUzRGh0dHBzJTI1M0ElMjUyRiUyNTJGaG9zdGlu > Zy53ZnAub3JnJTI1MkZjb25zb2xlJTI1MkZvYXV0aA%253D%253D&data= > 01%7C01%7Clarry.brigman%40arris.com%7Cbacd11c800094b91ed7808d5936047ca% > 7Cf27929ade5544d55837ac561519c3091%7C1&sdata= > ElOhGMnnYeGcvXH8SxAZyBkS70GWXR1%2BfZHjujEbcdI%3D&reserved=0 > Mar 26 22:59:14 wfpromshap22 journal: I0326 20:59:14.506185 1 > wrap.go:42] GET > /oauth/authorize?client_id=openshift-web-console&response_type=code&state= > eyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTUyMjA5Nzk1NTEzOS0zODUzOTE5NjYx > MzU4OTI2OTc5MzI2NjIyNTMwNTkxNDIzNjk4NTY0MTM4NTg5OTc4MjMzMjYx > MzAxNzcyNDkwNTM1MTEyODU3MTA0Mjc4In0&redirect_uri=https%3A%2F% > 2Fhosting.wfp.org%2Fconsole%2Foauth: > (2.865321ms) 302 [[Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36] > 10.11.40.34:34290] Mar 26 22:59:14 wfpromshap22 journal: I0326 > 20:59:14.634186 1 handler.go:160] Got auth data Mar 26 22:59:14 > wfpromshap22 origin-master-api: I0326 > 20:59:14.634186 1 handler.go:160] Got auth data Mar 26 22:59:14 > wfpromshap22 origin-master-api: I0326 > 20:59:14.642600 1 openid.go:216] identity=&{my_openid_connect > l8M167PMNqOtC+i49V4K5wAiVhlnNY7Tax//O0l0Bm8= map[]} > ################################################ > > please can I somehow debug step by step what Origin is doing here ? > > I've got I should get a JWT from AD during the authentication, did I get > it ? I read "Got auth data" in the logs. > > I've no access to the AD logs but I can dialog F2F with our AD Admin. > > many thanks in advance, > Fabio Martinelli > > > > > [$] > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fdocs.openshift.com%2Fcontainer-platform%2F3. > 7%2Finstall_config%2Fconfiguring_authentication. > html%23OpenID&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=N0X%2FuG3pT5oh%2BpUC0PIzlKSJv4ZLzNAzxqwTdHpqQ > Us%3D&reserved=0 > [%] > https://na01.safelinks.protection.outlook.com/?url= > https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive- > directory%2Fdevelop%2Factive-directory-protocols-openid- > connect-code&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=4pcHUAm2DMLCNvuCP9VgpF3H7j9udUlka0dbPqngM2o%3D&reserved=0 > > _______________________________________________ > users mailing list > [email protected] > https://na01.safelinks.protection.outlook.com/?url= > http%3A%2F%2Flists.openshift.redhat.com%2Fopenshiftmm% > 2Flistinfo%2Fusers&data=01%7C01%7Clarry.brigman%40arris.com% > 7Cbacd11c800094b91ed7808d5936047ca%7Cf27929ade5544d55837ac561519c > 3091%7C1&sdata=t8RYbpHHPriIDawvbDhkwyXAQRRJ0D > vnsh5%2BjLm7%2BMY%3D&reserved=0 >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
