Setting up AzureAD auth w/ Vault via MSI

142 views

Skip to first unread message

Vivian Ta

unread,

Jun 29, 2018, 5:36:06 PM6/29/18

to Vault

Hi there,

I'm trying to set up AzureAD auth w/ MSI-enabled Vault servers by following this brief guide here: https://open.microsoft.com/2018/04/10/scaling-tips-hashicorp-vault-azure-active-directory/

Like a fellow poster, I'm not 100% sure I set up the AzureAd app part correctly but when trying to do a vault write to

auth/azure/login

with valid parameters (role/jwt/resource_group/subcription_id/vm_name), I'm getting this error back:

Error writing data to auth/azure/login: Error making API request.

URL: PUT https://blah:8200/v1/auth/azure/login
Code: 500. Errors:

* oidc: expected audience "https://management.azure.com" got ["https://management.azure.com/"]

Looks like vault is possibly returning an array and a string is expected instead?

Doing a vault read on that value:

root@blah:/var/lib# vault read auth/azure/config
Key            Value
---            -----
client_id      n/a
environment    n/a
resource       https://management.azure.com
tenant_id      redacted

That all seems correct on my end. Is there something I'm missing here? AzureAD auth seems very new so it's tough to find other resources/documentation on this. Would appreciate any insight on this issue.

Jim Kalafut

unread,

Jun 29, 2018, 8:01:20 PM6/29/18

to vault...@googlegroups.com

Hi Vivian,

Let's discuss on the Github issue you filed: https://github.com/hashicorp/vault-plugin-auth-azure/issues/9

Regards,

Jim

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.

GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/a757c8ae-7dba-43fa-baec-5ee1e84629e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply all

Reply to author

Forward

0 new messages