OIDC setup with client certificates

falemoh689 · June 1, 2022, 1:15pm

I’m trying to setup vault oidc using an internal gitlab server. The gitlab server requires client certificates for all connections. When writing auth/oidc/config with the oidc_discovery_url of our internal gitlab server, I get a 400 error since no client certs are sent.

Anyway to get this working?

Thanks!

maxb · June 1, 2022, 5:23pm

Make the GitLab server not require client certificates for OIDC discovery URLs.

falemoh689 · June 2, 2022, 1:25pm

Thanks for the suggestion. Unfortunately, the admins won’t make that change. Policy thing.

maxb · June 2, 2022, 1:33pm

Huh… do they really have other OIDC clients that support this bizarre policy?

Topic		Replies	Views
How to Disable certificate check with OIDC Auth Vault	1	1356	May 14, 2020
Trying to connect via OIDC with gitlab Vault	5	1457	October 21, 2021
Will hashicorp provide client certificate truststore for an API Vault	2	737	May 14, 2020
JWT or OIDC auth to pull secrets into GitLab-CI Vault k8s , vault	1	881	March 12, 2024
Vault & JWT authentication method Vault	3	5897	March 23, 2021

OIDC setup with client certificates

Related topics