I want to understand if it's possible to set up OneLogin for SSO for HashiCorp Vault. I could not see that in the OIDC auth methods, but I think there can be some way to enable this. Has someone done something like this before, and can you guide me on whether it's possible?
Thanks much for your response. I was able to configure OneLogin with SSO and it works via the UI. For the CLI, it is currently giving me issues. Infrastructure-wise, we are running Vault in an ECS task and an ALB routes requests from 443 to 8200. When I try to run the below command:
vault login -method=oidc role="reader" listenaddress="0.0.0.0" callbackhost="vault.example.com" callbackmethod="https" callbackport="443" port="8200"
Complete the login via your OIDC provider. Launching browser to:
Waiting for OIDC authentication to complete...
You will also need to configure Onelogin to allow this as a redirect URL for Vault.
The full flow is this:
User runs vault login -method=oidc
Vault CLI calls the Vault server, asking it for a URL a browser can use to start the authentication
Vault CLI launches local browser using the URL fetched in the previous step. Meanwhile Vault CLI starts listening on http://localhost:8250…
Browser interacts with identity provider as needed. If successful, identity provider redirects the browser to http://localhost:8250/oidc/callback - where the original Vault CLI is listening - which is how the successful authentication makes it back to the Vault CLI
Vault CLI sends a one-time code received via the browser redirect, to the Vault server, where it is used to finalise the login and return a Vault session token
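The practical consequence of this flow is that the role's allowed_redirect_uris (and the identity provider's redirect URL list) must cover two different callbacks: the one the UI uses on the Vault host and the one the CLI opens on the operator's own machine. The check below is an added example, not part of the original thread or of Vault itself; it assumes the OIDC auth method is mounted at "oidc", the role is named "reader", the Vault address is https://vault.example.com and the CLI listens on its default port 8250, and it uses a constructed sample of a role that was set up for UI login only.

```shell
#!/bin/sh
# Added example (not from the original thread): verify that a Vault OIDC role's
# allowed_redirect_uris covers both the UI callback and the CLI's local callback.
# Assumptions: OIDC mounted at "oidc", role "reader", CLI default port 8250.
# The same two URIs must also be registered as redirect URLs in OneLogin.

VAULT_ADDR="${VAULT_ADDR:-https://vault.example.com}"
OIDC_MOUNT="${OIDC_MOUNT:-oidc}"
CLI_PORT="${CLI_PORT:-8250}"

# Print the two redirect URIs the role needs, one per line.
required_redirect_uris() {
  addr="$1"; mount="$2"; port="$3"
  # Browser (UI) login returns to Vault itself.
  echo "${addr}/ui/vault/auth/${mount}/oidc/callback"
  # CLI login returns to the listener the CLI starts on the operator's machine.
  echo "http://localhost:${port}/oidc/callback"
}

# Given the comma-separated allowed_redirect_uris currently set on the role,
# print each required URI that is missing (empty output means the role is fine).
missing_redirect_uris() {
  configured="$1"; addr="$2"; mount="${3:-oidc}"; port="${4:-8250}"
  required_redirect_uris "$addr" "$mount" "$port" | while IFS= read -r uri; do
    case ",${configured}," in
      *",${uri},"*) ;;          # present
      *) echo "$uri" ;;         # absent
    esac
  done
}

# Build the comma-separated value a corrected role would carry.
full_redirect_uri_list() {
  required_redirect_uris "$1" "$2" "$3" | tr '\n' ',' | sed 's/,$//'
}

# Constructed sample: a role configured for UI login only, which is exactly
# the state that makes "vault login -method=oidc" fail while the UI works.
SAMPLE_CONFIGURED="https://vault.example.com/ui/vault/auth/oidc/oidc/callback"

main() {
  echo "Redirect URIs missing from the sample role:"
  missing_redirect_uris "$SAMPLE_CONFIGURED" "$VAULT_ADDR" "$OIDC_MOUNT" "$CLI_PORT"
  echo
  echo "Command that would register both callbacks on the role:"
  echo "vault write auth/${OIDC_MOUNT}/role/reader \\"
  echo "  allowed_redirect_uris=\"$(full_redirect_uri_list "$VAULT_ADDR" "$OIDC_MOUNT" "$CLI_PORT")\""
}

main
```

Run it with VAULT_ADDR pointing at the real cluster to get the exact URI pair to register; the localhost URI is what OneLogin also has to accept, which is why the CLI's callbackhost and callbackport normally stay at their defaults rather than pointing at the ALB.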