# general
m
Hey Johannes, can you show me how the config is supposed to look? Make sure not to post any secrets tho 🙏
w
@damp-car-18231 maybe the CLI itself “failed the task successfully” 😅 Why don’t you try to:
1. Get the config
```shell
ory get identity-config {project-id} --format yaml > identity-config.yaml
```
2. Edit the config.
3. Push the updated config to Ory Network
```shell
ory update identity-config {project-id} --file identity-config.yaml
```
Just like it was described in the doc 😉
d
@User This is how I want the config to look:
```yaml
oidc:
  config:
    base_redirect_uri: https://ory.igniteprocurement.com/
    providers:
    - client_id: <client_id>
      client_secret: <client_secret>
      id: microsoft
      label: Microsoft
      mapper_url: <url_goes_here>
      microsoft_tenant: common
      provider: microsoft
      subject_source: me
      scope:
      - https://graph.microsoft.com/User.Read
      - profile
      - email
      - openid
```
@User that’s what I tried initially. `https://graph.microsoft.com/User.Read` was successfully added to `scope`, but `subject_source` was not added.
Tagging you again bc tagging doesn’t work when editing a post (accidentally posted before I was finished writing) @magnificent-energy-493 @wonderful-lamp-2357. This is the response after doing the get/update with the Ory CLI:
```text
Warnings were found.
- Configuration key `serve.*` can not be set and will be ignored.
- Configuration key `cookies.path` can not be set and will be ignored.
- Configuration key `cookies.domain` can not be set and will be ignored.
- Configuration key `session.cookie.domain` can not be set and will be ignored.
- Configuration key `session.cookie.name` can not be set and will be ignored.
- Configuration key `session.cookie.path` can not be set and will be ignored.
It is safe to ignore these warnings unless your intention was to set these keys.

Project updated successfully!
```
After this I fetched the config with `ory get identity-config`, and `subject_source` was not present in the config.
w
@damp-car-18231 that looks like a bug 😞 Can you open an issue in the https://github.com/ory/network repo and include all relevant details? We’ll do our best to squash this bug 🐛
d
Ok, thanks!
s
@damp-car-18231 hey, I'm wondering, were you able to configure Ory with Azure AD? We are doing a POC, deploying Ory in k8s via ArgoCD and trying to use our Azure AD as OIDC, but I'm not sure how to create the jsonnet to map the identities.
d
We built a service that pulls users from Azure via Microsoft Graph and pushes them to Ory Cloud. Looks something like this in Go:
```go
// createOryIdentity maps an Azure AD user (fetched via Microsoft Graph) to an
// Ory identity whose OIDC credential is linked to the "microsoft" provider.
func (w *worker) createOryIdentity(ctx context.Context, user adclient.User) (*oryclient.Identity, error) {
	identityState := oryclient.IDENTITYSTATE_ACTIVE
	createIdentityBody := oryclient.CreateIdentityBody{
		// Link the identity to the Azure AD object ID so a later OIDC login
		// resolves to this identity instead of registering a new one.
		Credentials: &oryclient.IdentityWithCredentials{
			Oidc: &oryclient.IdentityWithCredentialsOidc{
				Config: &oryclient.IdentityWithCredentialsOidcConfig{
					Providers: []oryclient.IdentityWithCredentialsOidcConfigProvider{
						{
							Provider: "microsoft",
							Subject:  user.Id,
						},
					},
				},
			},
		},
		SchemaId: w.orySchemaId,
		State:    &identityState,
		Traits: map[string]interface{}{
			"email": user.Mail,
			"name": map[string]string{
				"first": user.GivenName,
				"last":  user.Surname,
			},
		},
		// The address comes straight from the directory, so it is marked
		// verified ("completed") up front rather than via a verification flow.
		VerifiableAddresses: []oryclient.VerifiableIdentityAddress{
			*oryclient.NewVerifiableIdentityAddress("completed", user.Mail, true, "email"),
		},
	}
	return w.oryClient.CreateIdentity(ctx, createIdentityBody)
}
```
Works great
s
Thanks! We are running the POC in k8s, but I'm not sure how to add the jsonnet. E.g.:
```yaml
oidc:
  enabled: true
  config:
    providers:
      - id: microsoft
        provider: microsoft
        client_id: client_id
        client_secret: client_secret
        microsoft_tenant: common
        issuer_url: https://login.microsoftonline.com
        mapper_url: file:///etc/config/oidc.microsoft.jsonnet
        scope:
          - openid
          - profile
          - email
```
However, I don't know how to add that file to the directory when the container is run. I wouldn't like to retrieve that file from a URL as the manual indicates, but I've not been able to add it to the directory when instantiating the container.
d
We’re using this. Think it’s the standard mapping from Ory. However we have user registration through Ory disabled and handle user creation through our custom service, which connects via the admin API. So I don’t think the jsonnet map is ever used.
```yaml
oidc:
  config:
    base_redirect_uri: <redirect-uri>
    providers:
    - client_id: <azure-client-id>
      client_secret: <azure-client-secret>
      id: microsoft
      label: Microsoft
      mapper_url: https://storage.googleapis.com/bac-gcs-production/ca2c1bb3278251cd64913563fcff9412253581c821d078016e55761e965f989530a8777852603e571aa19ec09553af1cfdd28ba58489d94e4e2f9b906d04455f.jsonnet
      microsoft_tenant: common
      provider: microsoft
      scope:
      - https://graph.microsoft.com/User.Read
      - profile
      - email
      - openid
      subject_source: me
  enabled: true
```
s
I'll check that out, thanks!! It's been a pain doing this POC, so your help is more than welcome
@damp-car-18231 was wondering, did you face any 404? We are trying to add Microsoft as an OIDC provider but the callback URL breaks with a 404 error. The flow is as follows: click on login button --> choose Microsoft --> Microsoft requests username and password --> redirection to callback breaks. The callback URL looks something like: `http://localhost:4455/self-service/methods/oidc/callback/microsoft?code=BLABLA&state=BLABLA&session_state=BLABLA`
d
Are you serving kratos on 4455?
s
Yes, we are