Hi,
I have configured OIDC as an authentication provider and it works well when working with Vault UI. However, with the CLI I get below error:
Error authenticating: listen tcp [::1]:8250: bind: cannot assign requested address
I checked but the port was free so not able to understand what is the issue.
When you configured the OIDC provider in Vault, what did you set for allowed_redirect_uris? Similarly, what did you use for sign-in redirects in your OIDC provider? There needs to be one for localhost when using the CLI.
You can see an example Okta and Vault config here where you add the redirect in Okta, and also configure in the Vault auth method.
Yes, I have added that on both sides. I have used https://localhost:8250/oidc/callback in the redirect URI. When this URL wasn’t updated, the error was different but now its only the port. Is it related to a network issue?
Out of curiosity, what if you set the callback in your IDP and Vault to http instead of https? If you don’t have a trusted certificate (unless you made your own for localhost?), I would imagine there would be errors going to https for the CLI callback.
I had tried that but same error.
Infact if I remove http://localhost:8250/oidc/callback from the allowed_redirect_uris, I get Error authenticating: Unable to authorize role "verify" with redirect_uri "http://localhost:8250/oidc/callback". Check Vault logs for more information.
If I add it, then Error authenticating: listen tcp [::1]:8250: bind: cannot assign requested address
Did you truncate any callback configs - either in Vault or in your IDP with listen tcp [::1]:8250?
Hi @jonathanfrappier, I am not sure if I understand the question correctly. I am attaching the screenshot from Vault and OIDC provider for the redirect uris that I have set. Hope it helps narrow down the issue.
I don’t think you need that last redirect `https://hashivault1…com:8200/oidc/callback - wonder if that is conflicting with the localhost redirect.
Here is an example config with Okta:
No, it isn’t conflicting. I removed it but the error still persists.
What is your OIDC provider? I can follow the tutorial and set it up with that provider to see if I can reproduce it.
It is IBM Verify SaaS.
I followed OIDC authentication with Okta | Vault | HashiCorp Developer for the integration.
Sorry I havent got back to this yet, but have you seen
Use IBM Verify for OIDC authentication | Vault | HashiCorp Developer ?
The issue is resolved. It was a config at OS level.
awesome! Are you able to share the config change in case anyone else has a similar situation?
My /etc/hosts file had some missing entries. Added those and it worked.
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
1 Like