OIDC setup with client certificates

I’m trying to set up Vault OIDC using an internal GitLab server. The GitLab server requires client certificates for all connections. When writing auth/oidc/config with the oidc_discovery_url of our internal GitLab server, I get a 400 error since no client certs are sent.

Any way to get this working?


Make the GitLab server not require client certificates for OIDC discovery URLs.

Thanks for the suggestion. Unfortunately, the admins won’t make that change. Policy thing.

Huh… do they really have other OIDC clients that support this bizarre policy?