I’m trying to have vault working with OIDC and Microsoft ADFS.
Following Azure Active Directory with OIDC Auth Method and External Groups | Vault | HashiCorp Developer I needed to leave groups_claims empty instead of groups in order to be able to sign in without permissions in vault (failed to fetch groups: “groups” claim not found in token). Even with group_claims=”roles” it failed.
verbose_oidc_logging is set to true and the audit_log has been enabled.
How can we see the detail of the response we receive from the OIDC provider ? I don’t see anything regarding this information in the logs or in the token detail (./vault token lookup token-dsfdsf…. )
The aim is to see what could be missing in the response I receive from the OIDC provider and see what can be used to map to.