Need help enabling the OIDC authentication method on Vault and managing user access via AD groups

I’m unable to manage the access using the AD group.

Here is the configuration

vault read auth/oidc/config
Key                       Value
---                       -----
bound_issuer              n/a
default_role              demo
jwt_supported_algs
jwt_validation_pubkeys
oidc_client_id            ###########
oidc_discovery_ca_pem     n/a
oidc_discovery_url        https://####

======================================================================
vault read auth/oidc/role/demo
Key                      Value
---                      -----
allowed_redirect_uris    [https://hostname:8200/ui/vault/auth/oidc/oidc/callback http://localhost:8200/oidc/callback http://localhost:8250/oidc/callback]
bound_audiences          [client ID from Ping]
bound_cidrs
bound_claims
bound_subject            n/a
claim_mappings
groups_claim             groups
max_ttl                  0s
num_uses                 0
period                   0s
policies                 [policy name]
role_type                oidc
ttl                      1h
user_claim               sub

========================================================================
vault policy read sso-test-list
path "secret/*" {
  capabilities = ["list"]
}
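
A check that fits the setup above, added here as an example and not part of the original post: decode the ID token returned by the IdP and confirm it carries the claims the `demo` role names (`user_claim` = `sub`, `groups_claim` = `groups`) and the bound audience. The token, client ID and group name are constructed sample values, and the function names are hypothetical.

```python
import base64
import json

# Claim names taken from the `demo` role shown in the post.
ROLE = {"user_claim": "sub", "groups_claim": "groups"}


def decode_payload(jwt):
    """Decode a JWT's claims for inspection only; the signature is NOT verified."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def group_names(claims, role=ROLE):
    """Return the groups claim as a list of strings, or None if absent or malformed."""
    raw = claims.get(role["groups_claim"])
    if isinstance(raw, str):
        return [raw]
    if isinstance(raw, list) and all(isinstance(g, str) for g in raw):
        return raw
    return None


def check_role_claims(claims, client_id, role=ROLE):
    """Return a list of findings; an empty list means the role's claims are present."""
    findings = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if client_id not in aud:
        findings.append(f"aud {aud} does not contain bound audience {client_id!r}")
    if not isinstance(claims.get(role["user_claim"]), str):
        findings.append(f"user_claim {role['user_claim']!r} is missing from the token")
    if group_names(claims, role) is None:
        findings.append(f"groups_claim {role['groups_claim']!r} is missing or not a list of strings")
    return findings


def make_token(claims):
    """Build an unsigned, constructed sample token (test data only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    token = make_token({"sub": "user1", "aud": "example-client-id"})  # constructed: no groups
    for finding in check_role_claims(decode_payload(token), "example-client-id"):
        print(finding)
```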