I am using Microsoft Entra ID for OIDC authentication to Vault, but I'm unable to authenticate with a user that is not a member of any groups. My Vault JWT role is configured to look for a groups_claim; however, Vault presents the following error if the claim is not included with the token:
failed to fetch groups: "groups" claim not found in token
Can vault-plugin-auth-jwt be updated to authenticate users when the group attribute is missing from the token? In such cases, I would like users to be assigned the default policy that was configured for the JWT role.
Microsoft Entra ID doesn't send any configured claims if the attribute carries no value in it, so users that are not a member of a group are unable to authenticate to Vault.
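A sketch of the behaviour requested above, as an added example that is not vault-plugin-auth-jwt's own code: `groupsFromClaims` and the `allowMissing` role option are hypothetical names. A missing claim yields an empty group list only when the role opts in, while a claim that is present but malformed is always rejected.

```go
package main

import (
	"errors"
	"fmt"
)

// Sentinel errors so callers can tell "absent" apart from "present but invalid".
var (
	ErrMissingGroups   = errors.New("groups claim not found in token")
	ErrMalformedGroups = errors.New("groups claim is malformed")
)

// groupsFromClaims is a hypothetical helper; allowMissing is an assumed opt-in role setting.
// With allowMissing set, a token without the claim maps to zero groups (role policies only).
func groupsFromClaims(claims map[string]interface{}, claimName string, allowMissing bool) ([]string, error) {
	raw, ok := claims[claimName]
	if !ok || raw == nil { // a JSON null is treated the same as an absent claim
		if allowMissing {
			return []string{}, nil // no group aliases; login proceeds with the role's own policies
		}
		return nil, fmt.Errorf("%w: %q", ErrMissingGroups, claimName)
	}
	switch v := raw.(type) {
	case string:
		return []string{v}, nil
	case []interface{}:
		groups := make([]string, 0, len(v))
		for _, item := range v {
			s, ok := item.(string)
			if !ok {
				return nil, fmt.Errorf("%w: non-string entry in %q", ErrMalformedGroups, claimName)
			}
			groups = append(groups, s)
		}
		return groups, nil
	default:
		return nil, fmt.Errorf("%w: %q has type %T", ErrMalformedGroups, claimName, raw)
	}
}

func main() {
	// Constructed claims for a user with no group memberships (no "groups" key at all).
	claims := map[string]interface{}{"sub": "constructed-user", "aud": "constructed-client-id"}
	groups, err := groupsFromClaims(claims, "groups", true)
	fmt.Println(groups, err)
}
```

Keeping the tolerance opt-in preserves the current strict failure for roles that rely on the claim always being present.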