Azure Active Directory Workload Identity Federation with external OIDC IdP
- Published: 30 Jul 2024
- In this video, we experiment with Azure Active Directory Workload Identity Federation using an external OpenID Connect identity provider (OIDC IdP), including our own fake JWT token, another AAD tenant, Auth0, and GCP. As of February 2022, AAD Workload Identity Federation is in "preview". We use the Azure Portal to create a "federatedIdentityCredential" for an Azure AD application registration, and use Postman to invoke the various OAuth2 endpoints and discuss the error messages and responses they return.
00:00 Introduction
02:05 Create AAD application
04:00 Fake JWT token
10:30 Another AAD tenant as IdP is not supported
13:55 Auth0 as IdP
20:18 GCP as IdP
25:28 List Azure Resource Groups via ARM API
27:00 Another fake JWT token
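The flow the video walks through is the OAuth2 client_credentials grant in which the external IdP's JWT is sent to the Azure AD token endpoint as a client_assertion, and Azure AD accepts it only if the token's issuer, subject and audience match the federatedIdentityCredential configured on the app registration. The following script is an added example (not code from the video or from Microsoft) that models that matching step offline and assembles the token request: the credential values, the issuer URL and the client id are constructed placeholders, the JWT is built unsigned purely so the claim checks can run without a real IdP, and the Azure AD issuer prefixes used to mirror the AADSTS700222 rejection quoted in the comments are my assumption about how to recognise an AAD-issued token. Signature verification against the issuer's OIDC discovery document and JWKS is performed by Azure AD and is deliberately not reimplemented here.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed federated identity credential, mirroring the three fields set in the
# Azure Portal for an external OIDC IdP. All values are placeholders.
FEDERATED_CREDENTIAL = {
    "issuer": "https://example-idp.invalid/",      # constructed issuer URL
    "subject": "workload-client-123",               # constructed subject claim
    "audiences": ["api://AzureADTokenExchange"],    # default audience Azure AD expects
}

# Assumption: tokens whose issuer is Azure AD itself are what AADSTS700222 rejects.
AAD_ISSUER_PREFIXES = ("https://login.microsoftonline.com/", "https://sts.windows.net/")

CLIENT_ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def _b64url_decode(part: str) -> bytes:
    """Decode base64url without padding, as used in compact JWTs."""
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Constructed, unsigned (alg none) JWT for offline demonstration only.
    Azure AD would reject it at signature verification; here it just carries claims."""
    return f"{_b64url_encode({'alg': 'none', 'typ': 'JWT'})}.{_b64url_encode(claims)}."


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT without verifying the signature."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def check_assertion(token: str, credential: dict) -> list:
    """Return the reasons the assertion would not match the federated credential.
    An empty list means issuer, subject and audience all line up."""
    claims = decode_jwt_claims(token)
    problems = []

    iss = claims.get("iss", "")
    if iss.startswith(AAD_ISSUER_PREFIXES):
        problems.append("issuer is Azure AD: AAD-issued tokens are not accepted (AADSTS700222)")
    elif iss != credential["issuer"]:
        problems.append(f"issuer mismatch: token iss={iss!r}, credential issuer={credential['issuer']!r}")

    sub = claims.get("sub")
    if sub != credential["subject"]:
        problems.append(f"subject mismatch: token sub={sub!r}, credential subject={credential['subject']!r}")

    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not any(a in credential["audiences"] for a in auds):
        problems.append(f"audience mismatch: token aud={aud!r}, credential audiences={credential['audiences']!r}")

    return problems


def build_token_request(tenant_id: str, client_id: str, assertion: str,
                        scope: str = "https://management.azure.com/.default") -> tuple:
    """Build the client_credentials request that exchanges the external JWT for an
    Azure AD access token (the request the video issues from Postman). Returns (url, body)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": client_id,
        "grant_type": "client_credentials",
        "scope": scope,
        "client_assertion_type": CLIENT_ASSERTION_TYPE,
        "client_assertion": assertion,
    })
    return url, body


if __name__ == "__main__":
    matching = make_unsigned_jwt({"iss": FEDERATED_CREDENTIAL["issuer"],
                                  "sub": "workload-client-123",
                                  "aud": "api://AzureADTokenExchange"})
    print("matching token problems:", check_assertion(matching, FEDERATED_CREDENTIAL))
    aad_issued = make_unsigned_jwt({"iss": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
                                    "sub": "workload-client-123",
                                    "aud": ["api://AzureADTokenExchange"]})
    print("AAD-issued token problems:", check_assertion(aad_issued, FEDERATED_CREDENTIAL))
    url, body = build_token_request("contoso.onmicrosoft.com", "00000000-0000-0000-0000-000000000001", matching)
    print(url)
    print(body)
```

Running the claim check before the exchange turns the opaque token-endpoint errors shown in the video into a specific mismatch, and the scope in build_token_request is the ARM scope needed for the resource-group listing at 25:28.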
Excellent video!
Thanks Arsen for such a wonderful explanation, especially the approach of step-by-step evolution of the concepts. I am really a big fan of the approach that shows the error, then what those errors mean, and then the right approach to solve that error scenario. A big thumbs-up and a big thanks to you.
Thank you Arvind!
@Arsen, I totally agree with @tubebha. Thanks for making this video, I really enjoyed it.
Wow, you simplified this stuff with so much clarity. Love this video.
Thank you Sandip! Glad you found it useful.
I really like this video. Simple explanation with demo of complex topic. Keep it up Arsen.
Thank you Aakash!
Hi, I liked your video. I have a question. If I am using an external IdP and my client (or client-id) is kubernetes.local (AKS cluster), then how can I configure it? Thanks.
Good one, you saved my time, I was struggling to make a configuration. I can visualize how much effort you put into this. Thanks for sharing with us.
I am trying to authenticate an external OAuth token which is also hosted in Azure but in a different tenant, could you help me to authenticate that.
I am getting the below error:
"AADSTS700222: AAD-issued tokens may not be used for federated identity flows."
Thank you! Glad this was helpful for you. I mentioned, about 10:30 into the video, that using another AAD tenant as the IdP is not currently supported.