For a project using vault I have to create my own “jwt” provider.
I’m using a Python Flask proxy in the first place, so the user can log in to our own authentication platform; once it’s done I’m getting a certain ticket that I put into a jwt in order to connect to the Vault.
If I take the “jwt” and put it by myself on the UI this way:
It works perfectly.
What I want to do is to automate this “copy-paste” of jwt.
I saw in the documentation a way to connect using a curl POST request with a payload containing the jwt, but unfortunately it’s not a “redirection”.
Thus when I try to redirect my user to the address "
On the webpage
Does anyone have a solution for it?
Have a nice week.
I’m not sure there’s any way implemented to do this.
The supported way would be to use regular OIDC, where you have a JWT/OIDC auth method (they’re the same code, it just goes by two different names) configured with a role that is of
A user would arrive at the Vault UI, and would click a “Sign in with OIDC” button, and be redirected to your configured OIDC identity provider - which would then redirect back, following the OIDC Authorization Code flow.
If you have a single sign-on solution that does not support OIDC, however, this won’t help you.
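
The OIDC setup described in the reply above could be configured with the Vault CLI roughly as follows. This is an added example, not part of the thread and not HashiCorp's own code; the mount path, role name, policy, hostnames and environment variable names are assumptions.

```shell
#!/bin/sh
# Added example. Hostnames, role name, policy and env-var names are placeholders.

# Callback URL the Vault UI uses for an OIDC mount. Register exactly this
# string with the identity provider and allow it on the Vault role.
ui_callback_uri() {            # $1 = Vault address, $2 = auth mount path
  printf '%s/ui/vault/auth/%s/oidc/callback\n' "${1%/}" "$2"
}

# With DRY_RUN=1, print each command instead of executing it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

configure_oidc() {             # $1 = Vault address, $2 = mount, $3 = role
  : "${OIDC_DISCOVERY_URL:?}" "${OIDC_CLIENT_ID:?}" "${OIDC_CLIENT_SECRET_FILE:?}"
  run vault auth enable -path="$2" oidc || return 1
  # key=@file makes the CLI read the secret from a file, keeping it out of
  # the process arguments and shell history. The file content is used as-is,
  # so write it without a trailing newline.
  run vault write "auth/$2/config" \
    oidc_discovery_url="$OIDC_DISCOVERY_URL" \
    oidc_client_id="$OIDC_CLIENT_ID" \
    oidc_client_secret=@"$OIDC_CLIENT_SECRET_FILE" \
    default_role="$3" || return 1
  # role_type=oidc selects the browser redirect (Authorization Code) flow;
  # only the listed redirect URIs are accepted.
  run vault write "auth/$2/role/$3" \
    role_type=oidc \
    user_claim=sub \
    bound_audiences="$OIDC_CLIENT_ID" \
    allowed_redirect_uris="$(ui_callback_uri "$1" "$2")" \
    token_policies="${TOKEN_POLICIES:-default}" \
    token_ttl=1h
}

# Apply only when asked: APPLY=1 VAULT_ADDR=https://vault.example.com:8200 sh this-file.sh
if [ "${APPLY:-0}" = "1" ]; then
  configure_oidc "${VAULT_ADDR:?}" oidc ui-users
fi
```

Running it with `DRY_RUN=1` prints the three `vault` commands for review before anything is written to the server.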
Maybe there is a way to redirect someone with a vault-token in its header or something in order to log the user in directly to the UI?
Do you have an idea of how Vault does the web authentication of a user on the UI?
There is something a bit like this but as far as I know, it’s completely undocumented other than in a few PRs in the Vault repository, and according to Vault UI Auto-Login without Namespace · Issue #17355 · hashicorp/vault · GitHub still has issues which make it an incomplete solution.
My personal recommendation would be to try to do standard OIDC instead.
Thanks for your answers, I will communicate this information to my team.
Have a nice weekend.