Using Vault version 1.6.1.
The following is configured:
Config:
vault read auth/oidc/config
Key                       Value
---                       -----
bound_issuer              n/a
default_role              nothing
jwks_ca_pem               n/a
jwks_url                  n/a
jwt_supported_algs        []
jwt_validation_pubkeys    []
namespace_in_state        true
oidc_client_id            xyzxyzxyz
oidc_discovery_ca_pem     n/a
oidc_discovery_url        https://sso.company.com
oidc_response_mode        n/a
oidc_response_types       []
provider_config           map[]
Role:
vault read auth/oidc/role/nothing
Key                        Value
---                        -----
allowed_redirect_uris      [https://test.service.vault-test.local.net/ui/vault/auth/oidc/oidc/callback]
bound_audiences            <nil>
bound_claims               <nil>
bound_claims_type          string
bound_subject              n/a
claim_mappings             <nil>
clock_skew_leeway          0
expiration_leeway          0
groups_claim               n/a
not_before_leeway          0
oidc_scopes                <nil>
policies                   [nothing]
role_type                  oidc
token_bound_cidrs          []
token_explicit_max_ttl     0s
token_max_ttl              0s
token_no_default_policy    false
token_num_uses             0
token_period               0s
token_policies             [nothing]
token_ttl                  0s
token_type                 default
user_claim                 sub
verbose_oidc_logging       false
OIDC login is working as expected.
Now I want to configure MFA (multi-factor authentication), which should be done just by appending “acr_values=…” to the OAuth 2.0 authorization URL like this:
https://sso.company.com/as/authorization.oauth2?acr_values=SomeSpecificValue
How can I achieve this?
I did not find a way to configure this specifically.
I found no configuration option for the OAuth 2.0 authorization endpoint.
Maybe this can be done via “provider_config”? And what would the syntax be?