Replies: 2 comments
-
After updating my App Registration Authentication to use ID tokens, I now get an id_token back that looks like this (with some bits stripped out):
From my reading, when "groups" is set to "src1", it indicates that the token won't get so large as to exceed HTTP header limits (see https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#groups-overage-claim). In our organization this isn't surprising. So _claim_sources.src1.endpoint is the URL of where to check the group membership, but I don't see how to do that with a nested claim.
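An added example, not part of the original post and not mod_auth_openidc code: a small Python check that tells an inline `groups` list apart from the overage form described above, where `groups` maps to `src1` and the membership lookup URL sits under `_claim_sources.src1.endpoint`. The `_claim_names` key follows Entra's documented overage format; the sample tokens, user name, group IDs and endpoint URL are constructed placeholders.

```python
import base64
import json


def decode_payload(jwt: str) -> dict:
    """Decode the claims segment of a JWT WITHOUT verifying the signature.

    For inspection only; authorization decisions need a validated token.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated parts")
    seg = parts[1]
    seg += "=" * (-len(seg) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def groups_status(claims: dict) -> tuple:
    """Return ("inline", [ids]), ("overage", endpoint) or ("absent", None)."""
    groups = claims.get("groups")
    if isinstance(groups, list):
        return ("inline", groups)
    # Overage: no "groups" claim; _claim_names points at a claim source.
    source = claims.get("_claim_names", {}).get("groups")
    if source is not None:
        endpoint = claims.get("_claim_sources", {}).get(source, {}).get("endpoint")
        return ("overage", endpoint)
    return ("absent", None)


def make_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


# Constructed sample claims; the endpoint is a placeholder, not a real URL.
OVERAGE = make_token({
    "sub": "constructed-user",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": "https://example.invalid/getMemberObjects"}},
})
INLINE = make_token({"sub": "constructed-user", "groups": ["group-id-1", "group-id-2"]})

if __name__ == "__main__":
    for name, tok in (("overage", OVERAGE), ("inline", INLINE)):
        print(name, groups_status(decode_payload(tok)))
```

In the overage case the token carries no list of group IDs at all, so a check that looks for a group ID in the `groups` claim has nothing to match against.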
-
It turns out that the fix for this was to use LDAP as described in https://github.com/OpenIDC/mod_auth_openidc/wiki/Authorization.
-
I'm trying to protect a URL with a group in Entra-ID (aka AzureAD).
The config:
mod_auth_openidc version 2.4.11
Apache 2.4.58
Users are defined in Entra-ID as
I've added a groups claim with all groups (also tried just Security Groups) with these permutations:
I'm trying to protect a URL with
At this point I am out of ideas to try. Any suggestions?