I am just trying to set up authentication on Graylog using Azure AD OIDC.
I have set everything up, and in the web UI I see success on connecting to the server.
After that, when I try to log in using the authenticator service, I get the following error:
2022-02-23 16:02:08,829 ERROR: org.graylog.plugins.security.authservice.backend.OauthRequestUtils - Error attempting to fetch data from auth server. Got: 400 Bad Request
2022-02-23 16:02:08,829 ERROR: org.graylog.plugins.security.authservice.backend.OauthAuthServiceBackend - Unable to extract id and access tokens from JSON response
Can anyone help?
Thanks.
UPDATE:
I just got the connection working; however, I am facing the following error right now:
ERROR: org.graylog.plugins.security.authservice.backend.OauthAuthServiceBackend - Unable to extract user info from JSON response
com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of org.graylog.plugins.security.authservice.backend.OauthUserinfo$Builder, problem: Missing required properties: email
I need to ask a couple of questions first.
Some more information about the software versions you have installed in your environment pertaining to Graylog would help. Full logs of this error would be greatly appreciated. What kind of configuration was made?
Also, if you could use markdown for posting code, configuration files, etc., it would make it easier to read.
For any questions about this, you can look here.
email: The reported email address for this user. Token type: JWT, SAML. User type: MSA, Azure AD. Notes: This value is included by default if the user is a guest in the tenant. For managed users (the users inside the tenant), it must be requested through this optional claim or, on v2.0 only, with the OpenID scope. This value is not guaranteed to be correct, and is mutable over time - never use it for authorization or to save data for a user.
In the jwtClaims that I get back from Azure AD, I see that the email address comes in the “preferred_username” key.
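As an added example (not from this thread and not Graylog's own code), a small Python script that verifies a constructed token, checks for the claims the "Missing required properties: email" error points at, and reports the `preferred_username` fallback described above. Azure AD issues RS256-signed tokens; the HS256 signing, key and claim values here are constructed only so the check runs offline.

```python
import base64
import hashlib
import hmac
import json
# Claims Graylog's userinfo builder insists on; the thread's error names "email".
REQUIRED_CLAIMS = ("sub", "email")

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_hs256_token(claims: dict, key: bytes) -> str:
    # Constructed test token; Azure AD uses RS256, HS256 here only keeps it offline.
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(mac)}"

def verify_and_decode(token: str, key: bytes) -> dict:
    # Pin the algorithm and check the signature before trusting any claim.
    header_b64, payload_b64, sig_b64 = token.split(".")
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signed = f"{header_b64}.{payload_b64}".encode()
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature check failed")
    return json.loads(b64url_decode(payload_b64))

def check_claims(claims: dict) -> tuple:
    # Returns (missing required claims, where the address turned up instead).
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    hints = {}
    if "email" in missing and "preferred_username" in claims:
        # preferred_username is mutable and need not be an address; key the
        # account on 'oid' (or 'sub') and never authorize on the email value.
        hints["email"] = claims["preferred_username"]
    return missing, hints

# Constructed sample: managed Azure AD user, optional 'email' claim not enabled.
SAMPLE_KEY = b"constructed-test-key"
SAMPLE_CLAIMS = {"sub": "constructed-sub", "oid": "constructed-oid",
                 "preferred_username": "jdoe@contoso.example"}

def diagnose(claims: dict = None, key: bytes = SAMPLE_KEY) -> tuple:
    token = make_hs256_token(claims or SAMPLE_CLAIMS, key)
    return check_claims(verify_and_decode(token, key))
```

Running `diagnose()` on the sample reports `email` as missing and points at the `preferred_username` value; once the optional `email` claim is enabled in the app registration, the same check returns no missing claims.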