Azure AD OIDC integration


1. Describe your incident:

Hi all, I configured Graylog to integrate authentication with Azure AD.
I managed to connect to Azure AD, and when I try to log in I am redirected to the Microsoft login page.

However, after login, when I am redirected back to Graylog, I get the following error:

     Login failed. This might be a temporary problem. Please try again.

When I search the logs I find the following:
2022-03-23 14:59:05,328 ERROR: org.graylog.plugins.security.authservice.backend.OauthAuthServiceBackend - Unable to extract user info from JSON response
com.fasterxml.jackson.databind.exc.InvalidDefinitionException: Cannot construct instance of org.graylog.plugins.security.authservice.backend.OauthUserinfo$Builder, problem: Missing required properties: email
at [Source: (String)"{“aio”:“E2ZgYFhw/KTTG5t0ztbTdklr59y1Du+skRLjaCyLa/RdsGWr9ykA”,“amr”:"[“pwd”]",“family_name”:“xxxx”,“given_name”:“xxxx”,“ipaddr”:“xxxxx”,“name”:“xxxx xxx",“oid”:“xxxxxxxx”,“rh”:“0.AU4Aug0MehswmUeTsDYT5Nvsif6UpI2nkEBCkkAMnthtYJtOAGA.”,“sub”:“2oI9CSgbv11QpAFjGQkLqAEQ4NvDql-prXqZ6k6eaBI”,“tid”:“7a0c0dba-301b-4799-93b0-3613e4dbec89”,“unique_name”:"xxxx@xxxxx.onmicrosoft.com,“upn”:"xxxx@xxxx.onmicrosoft.com",“uti”:“RXCaSl5yjkeI_O0Heg1jAA”,“ver”:“1.0”}"; line: 1, column: 500]

2022-03-23 14:59:05,369 WARN : org.graylog2.security.realm.BearerTokenRealm - Failed to authenticate username <> with backend <AZURE AD/oidc/xxxxxxx>

I see some topics regarding this:

“email” is a standard OIDC claim with a particular documented standard way of retrieving it (using scope of email). Is there no way that AAD B2C federations can clearly return the OIDC email claim rather than in something like “upn” which feels like it might be an email or might not be an email value?

2. Describe your environment:
Docker environment
Graylog 4.2

3. What steps have you already taken to try and solve the problem?

4. How can the community help?

Can you provide some way to resolve this?

Thanks.

Did you see this other post about the same issue?

I managed this problem, as the Azure OIDC configuration needs the version to be specified.

So after adding v2, all works great.
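The failure in the log is the backend requiring a standard `email` claim while an Azure AD v1 token only carries `upn` and `unique_name`. The following is an added diagnostic example, not code from the thread or from Graylog: it checks a userinfo/ID-token payload for the required claim, reports the token version from the `ver` claim, and prints the v1 vs v2 discovery URL for the tenant. The payloads and tenant id are constructed placeholders modelled on the redacted log line above.

```python
"""Diagnose an Azure AD OIDC payload that is missing the `email` claim.

Added example, not Graylog's code. Payloads below are constructed; the v1
payload mirrors the (redacted) claim set from the log line in this thread.
"""
import json

# Constructed placeholder tenant id (real tenant ids are GUIDs).
TENANT = "00000000-0000-0000-0000-000000000000"

# Claims the authentication backend insists on (`email` is what failed above).
REQUIRED_CLAIMS = ("sub", "email")

# Claims that look like an email address but are not the standard OIDC `email`
# claim; a UPN is a login name and may or may not be a mailbox address.
EMAIL_LOOKALIKES = ("upn", "unique_name", "preferred_username")

# Constructed v1-style payload: note `ver` == "1.0" and no `email` claim.
V1_PAYLOAD = json.dumps({
    "amr": ["pwd"],
    "family_name": "xxxx",
    "given_name": "xxxx",
    "name": "xxxx xxx",
    "oid": "xxxxxxxx",
    "sub": "placeholder-subject",
    "tid": TENANT,
    "unique_name": "xxxx@xxxxx.onmicrosoft.com",
    "upn": "xxxx@xxxx.onmicrosoft.com",
    "ver": "1.0",
})

# Constructed v2-style payload: the v2 endpoint issues `email` when the
# `email` scope is requested and the account has an address.
V2_PAYLOAD = json.dumps({
    "sub": "placeholder-subject",
    "name": "xxxx xxx",
    "email": "xxxx@xxxx.onmicrosoft.com",
    "preferred_username": "xxxx@xxxx.onmicrosoft.com",
    "tid": TENANT,
    "ver": "2.0",
})


def discovery_url(tenant: str, version: str) -> str:
    """Return the OpenID discovery document URL for the v1 or v2 endpoint."""
    base = f"https://login.microsoftonline.com/{tenant}"
    if version == "v2":
        return f"{base}/v2.0/.well-known/openid-configuration"
    return f"{base}/.well-known/openid-configuration"


def diagnose(payload_json: str) -> dict:
    """Check a claims payload for required claims and explain a missing `email`."""
    claims = json.loads(payload_json)
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    version = claims.get("ver")
    hints = []
    if "email" in missing:
        if version == "1.0":
            hints.append(
                "v1 token ('ver' == '1.0'): v1 does not emit the standard "
                "`email` claim; use the v2.0 endpoint and request the `email` scope"
            )
        for alt in EMAIL_LOOKALIKES:
            if alt in claims:
                hints.append(
                    f"'{alt}' is present but is not the OIDC `email` claim; "
                    "do not silently treat it as a verified mailbox address"
                )
    return {"ok": not missing, "missing": missing, "version": version, "hints": hints}


if __name__ == "__main__":
    for label, payload in (("v1", V1_PAYLOAD), ("v2", V2_PAYLOAD)):
        result = diagnose(payload)
        print(f"{label}: ok={result['ok']} missing={result['missing']} ver={result['version']}")
        for hint in result["hints"]:
            print(f"  hint: {hint}")
    print("v1 discovery:", discovery_url(TENANT, "v1"))
    print("v2 discovery:", discovery_url(TENANT, "v2"))
```

Running this against the v1 payload reports `email` as missing and points at the token version; the v2 payload passes. When configuring a backend, the discovery URL containing `/v2.0/` is the one that yields the `email` claim, which is what the "add v2" fix above amounts to.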
