I have set up a local instance of HashiCorp Vault (Enterprise edition) to test an implementation of Vault and Azure AD Single Sign-On with OIDC. I am using Terraform to provision and configure my OIDC components in Visual Studio Code, but have run into an error (see below) relating to my token claim.
How or where can I access my OIDC JWT claim metadata to verify some of its entries? I have even set verbose_oidc_logging = true in my vault_jwt_auth_backend_role configuration but can't figure out where I can access the log.
Below is the full snippet of vault_jwt_auth_backend_role configuration.
resource "vault_jwt_auth_backend_role" "azure" {
  role_name             = var.azure_role_name
  backend               = vault_jwt_auth_backend.root.path
  user_claim            = "email"
  groups_claim          = "groups"
  bound_claims          = { "groups" = "VaultAdmins" }
  role_type             = "oidc"
  oidc_scopes           = var.oidc_scopes
  allowed_redirect_uris = var.allowed_redirect_uris
  verbose_oidc_logging  = true
}
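As an added example (not from the original post and not Vault's own code), the Python below decodes the claims of an ID token the way the role above will read them and applies the same user_claim, groups_claim and bound_claims checks, so the values can be inspected before Vault sees them. The two tokens, the issuer, the e-mail address and the group object ID are constructed placeholders; the second token assumes Azure AD's default of emitting group object IDs rather than display names in the groups claim.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(obj: dict) -> str:
    """Encode a JSON object as an unpadded base64url JWT segment."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT. Decoding only: the signature
    is NOT checked here; Vault verifies it against the provider's JWKS."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def check_role_claims(claims: dict, user_claim: str, groups_claim: str,
                      bound_claims: dict) -> list:
    """Mirror the role's claim requirements; return problems (empty = would pass)."""
    problems = []
    if user_claim not in claims:
        problems.append(f"user_claim '{user_claim}' is missing")
    if not isinstance(claims.get(groups_claim), list):
        problems.append(f"groups_claim '{groups_claim}' is missing or not a list")
    for name, wanted in bound_claims.items():
        wanted = wanted if isinstance(wanted, list) else [wanted]
        actual = claims.get(name)
        actual = actual if isinstance(actual, list) else [actual]
        if not any(w in actual for w in wanted):
            problems.append(f"bound_claims '{name}': none of {wanted} in {actual}")
    return problems

# Constructed sample tokens (placeholder header/signature, not real Azure AD output).
_HEADER = b64url_encode({"alg": "RS256", "typ": "JWT", "kid": "placeholder"})
TOKEN_WITH_GROUP_NAME = ".".join([_HEADER, b64url_encode(
    {"iss": "https://issuer.example", "email": "alice@example.com",
     "groups": ["VaultAdmins"]}), "placeholder-signature"])
# Azure AD emits group object IDs in "groups" by default, so a name in
# bound_claims will not match a token shaped like this one.
TOKEN_WITH_GROUP_ID = ".".join([_HEADER, b64url_encode(
    {"iss": "https://issuer.example", "email": "alice@example.com",
     "groups": ["00000000-0000-0000-0000-000000000000"]}), "placeholder-signature"])

# Same settings as the vault_jwt_auth_backend_role above.
ROLE = {"user_claim": "email", "groups_claim": "groups",
        "bound_claims": {"groups": "VaultAdmins"}}
```

Vault's own verbose_oidc_logging output goes to the Vault server log when debug-level logging is enabled, not to the Terraform run, and it includes the received token and claims, so keep it off outside test environments.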