Skip to content

Instantly share code, notes, and snippets.

@krarey

krarey/config.sh

Last active October 7, 2022 00:05
Show Gist options
  • Save krarey/114ed91b8971f988551c0a47843511e0 to your computer and use it in GitHub Desktop.
Save krarey/114ed91b8971f988551c0a47843511e0 to your computer and use it in GitHub Desktop.
Download ZIP
Authenticate Consul administrative users using Azure Active Directory
Raw
config.sh
consul acl auth-method create \
-type=oidc \
-token-locality=global \
-name=azure \
-max-token-ttl=24h \
-display-name="Azure Active Directory" \
[email protected]
consul acl role create \
-name="oidc-admin" \
-description="Global Management policy for OIDC admins" \
-policy-id="global-management"
consul acl binding-rule create \
-bind-name='oidc-admin' \
-bind-type=role \
-description="Global Management login for OIDC admins" \
-method=azure \
-selector='"<Admin Security Group ID>" in list.groups'
# The above requires that the 'groups' optional claim is added to the AAD app registration's access token config
Raw
oidc-config.json
{
"AllowedRedirectURIs": [
"http://localhost:8550/oidc/callback",
"http://localhost:8500/ui/oidc/callback",
"https://<Consul URL>:8501/ui/oidc/callback"
],
"BoundAudiences": [
"<Client ID>"
],
"ClaimMappings": {
"name": "user"
},
"ListClaimMappings": {
"groups": "groups"
},
"OIDCScopes": [
"profile"
],
"OIDCClientID": "<Client ID>",
"OIDCClientSecret": "<Client Secret>",
"OIDCDiscoveryURL": "https://login.microsoftonline.com/<Tenant ID>/v2.0"
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment