OIDC role could not be found


Fabian Riechsteiner

Mar 21, 2019, 6:45:37 PM
to Vault
I configured Vault to use Keycloak as an OIDC authentication provider.
When trying to log in using a role defined in Keycloak, I just get the message:
Authentication failed: role "admin" could not be found

Also, I was lost for the first 30 minutes because I was frantically searching the Vault documentation for the concept of roles, which is completely missing from Vault. I am now assuming that it is asking for the OIDC role.
Do roles in OIDC map to groups in Vault, or what is the idea?

I am a bit lost here as the documentation for OIDC auth is very sparse.

Does anyone have OIDC auth running with Vault?


Best Regards,
Fabian

Jeff Mitchell

Mar 22, 2019, 1:18:37 AM
to Vault
Hi Fabian,

Role in that context is referring to a role you've configured in the JWT/OIDC mount; see https://www.vaultproject.io/api/auth/jwt/index.html#create-role

Best,
Jeff

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/vault/issues
IRC: #vault-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Vault" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/b6d76313-2c43-413e-838d-5ac087358f5d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
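Jeff's pointer in concrete form, as an added example that is not from the thread and not HashiCorp's own code: a shell script that configures the OIDC auth mount and creates the `admin` role the error message is looking for, then shows the login command that names it. The Keycloak realm URL, client id and secret, the Vault UI address, the Keycloak group `vault-admins` and the Vault policy `admin` are all assumed placeholders. Parameter names follow the current JWT/OIDC auth API (`token_policies`, `token_ttl`); Vault 1.1, current when this thread was written, accepted the older `policies` spelling.

```shell
#!/bin/sh
# Added example, not code from the thread or from HashiCorp.
# Configures the Vault OIDC auth mount and creates the role that
# `vault login -method=oidc role=admin` refers to. All hostnames, client
# credentials, the Keycloak group name and the Vault policy are assumed
# placeholders; change them for your deployment.
set -eu

OIDC_DISCOVERY_URL="${OIDC_DISCOVERY_URL:-https://keycloak.example.com/auth/realms/vault}"  # assumed realm URL
OIDC_CLIENT_ID="${OIDC_CLIENT_ID:-vault}"                                                   # assumed client id
OIDC_CLIENT_SECRET="${OIDC_CLIENT_SECRET:-change-me}"                                       # assumed; inject via env
VAULT_UI_URL="${VAULT_UI_URL:-https://vault.example.com}"                                  # assumed Vault address

# Emit the JSON body for auth/oidc/role/<name>.
#   $1: Keycloak group allowed to use the role (assumed: vault-admins)
#   $2: Vault policy attached to the resulting token (assumed: admin)
role_payload() {
  group="$1"
  policy="$2"
  cat <<EOF
{
  "role_type": "oidc",
  "user_claim": "preferred_username",
  "groups_claim": "groups",
  "bound_audiences": ["${OIDC_CLIENT_ID}"],
  "bound_claims": { "groups": ["${group}"] },
  "allowed_redirect_uris": [
    "http://localhost:8250/oidc/callback",
    "${VAULT_UI_URL}/ui/vault/auth/oidc/oidc/callback"
  ],
  "token_policies": ["${policy}"],
  "token_ttl": "1h",
  "token_max_ttl": "8h"
}
EOF
}

# Refuse payloads that omit the settings that make an OIDC role safe:
# bound_audiences pins accepted ID tokens to this client, allowed_redirect_uris
# keeps the authorization code from being delivered to an attacker-chosen
# callback, and user_claim decides which claim becomes the Vault entity alias.
check_role_payload() {
  payload="$1"
  for key in bound_audiences allowed_redirect_uris user_claim; do
    if ! printf '%s' "$payload" | grep -q "\"$key\""; then
      echo "role payload is missing $key" >&2
      return 1
    fi
  done
  return 0
}

# Apply against a running Vault (needs VAULT_ADDR and a token with rights on
# sys/auth and auth/oidc). Not run at load time, so the file can be sourced.
apply_oidc_role() {
  name="$1"; group="$2"; policy="$3"
  body="$(role_payload "$group" "$policy")"
  check_role_payload "$body"
  vault auth enable oidc 2>/dev/null || true   # no-op if already enabled
  vault write auth/oidc/config \
    oidc_discovery_url="$OIDC_DISCOVERY_URL" \
    oidc_client_id="$OIDC_CLIENT_ID" \
    oidc_client_secret="$OIDC_CLIENT_SECRET" \
    default_role="$name"
  printf '%s' "$body" | vault write "auth/oidc/role/$name" -   # '-' reads JSON from stdin
  # Afterwards, log in with:  vault login -method=oidc role="$name"
}
```

Two points the role definition makes explicit: the OIDC role is a Vault-side object, so it is the place where a Keycloak group (via `groups_claim` and `bound_claims`) is turned into Vault policies, and the `groups` claim only exists in the ID token if the Keycloak client has a group membership mapper configured. Without `bound_audiences` and `allowed_redirect_uris` the mount would accept tokens issued for other clients and redirect the authorization code anywhere, which is why the check refuses such a payload.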

Fabian Riechsteiner

Mar 22, 2019, 2:22:27 AM
to Vault
Hi Jeff,

Thank you for this answer.
Now everything becomes clear.
I searched only the documentation for "role", not the API docs.
Also, I used the UI to add the OIDC provider, where there is no role configuration.

I will add roles and try it again.

Best Regards,
Fabian
