Hey friends,
I’ve set up OIDC authentication in graylog, and the “Test Server Connection” function works great. However, after logging into Graylog using my Office365 credentials, I get “Login failed. This might be a temporary problem. Please try again.”. Looking at graylog logs, I see this:
2023-08-01T23:50:38.153Z WARN [BearerTokenRealm] Failed to authenticate username <> with backend <Office365/oidc/64c87c0d79bc2e5e852a296a>
2023-08-01T23:50:38.154Z INFO [SessionCreator] Invalid credentials in session create request. Actor: “urn:graylog:node:c30d9c45-ff92-4d7e-af84-039bb87ebf3e”
2023-08-01T23:53:05.570Z ERROR [OauthAuthServiceBackend] Unable to extract user info from JSON response
com.fasterxml.jackson.databind.exc.ValueInstantiationException: Cannot construct instance of org.graylog.plugins.security.authservice.backend.OauthUserinfo$Builder, problem: Missing required properties: email
It seems graylog is looking for the email property from the JWT and is not finding any. However, the unique_name and upn properties do contain an email address. I’ve set up an email claim on AzureAD, but it’s not being picked up by graylog. I’ve also used version 2 on accessTokenAcceptedVersion in the AzureAD app manifest as hinted by a similar thread, to no avail.
Is there a way to configure either graylog or AzureAD to trade the correct information?
Thank you!
Ubuntu 22.04, package 5.0.7-1
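A quick way to confirm what Azure AD actually puts in the token before changing Graylog or the app manifest is to decode the JWT payload and list which claims carry the address. The script below is an added troubleshooting example, not Graylog or Azure AD code; the sample token and its claim values are constructed, and the required/fallback claim names are taken from the log message and the post above.

```python
import base64
import json

# From the Graylog log: the OIDC backend refuses a userinfo without "email".
REQUIRED_CLAIMS = ("email",)
# Azure AD claims the poster saw carrying the address instead of "email".
FALLBACK_CLAIMS = ("upn", "unique_name")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT for inspection only.
    The signature is NOT verified, so never base an auth decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(claims: dict) -> dict:
    """Report whether a backend that requires "email" would accept these claims,
    and which fallback claims hold an address that could be mapped instead."""
    missing = [c for c in REQUIRED_CLAIMS if c not in claims]
    fallbacks = {c: claims[c] for c in FALLBACK_CLAIMS if c in claims}
    return {"ok": not missing, "missing": missing, "fallbacks_present": fallbacks}


def build_sample_token(payload: dict) -> str:
    # Constructed offline sample: the signature segment is a placeholder, which is
    # acceptable only because this script never verifies signatures.
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(payload).encode())
    return f"{header}.{body}.{_b64url_encode(b'placeholder-signature')}"


# Constructed payload mirroring the post: address in upn/unique_name, no email claim.
SAMPLE_CLAIMS = {"iss": "https://login.microsoftonline.com/<tenant-id>/v2.0",
                 "aud": "api://example-app", "name": "Jane Doe",
                 "upn": "jdoe@example.com", "unique_name": "jdoe@example.com"}
SAMPLE_TOKEN = build_sample_token(SAMPLE_CLAIMS)

if __name__ == "__main__":
    print(json.dumps(check_claims(decode_jwt_claims(SAMPLE_TOKEN)), indent=2))
```

Paste the real id_token or access_token from a browser trace into decode_jwt_claims to see whether the email claim is present at all, or only upn/unique_name.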