Skip to main content

Hi IFS Community,

Referring to the video tutorial:- https://www.youtube.com/watch?v=103_y7_GAas&ab_channel=IFS ; We have set up Azure Active Directory as the identity provider in one of our remote IFS Cloud environments. 
However, when a user clicks on the button "Login with Azure AD", the below error message is prompted. (This is observed even before entering the user credentials to log in)

 

IAM Identity Provider :-
 

 

Any suggestions on how to rectify this problem?

Many thanks in advance.

Hi Herath,

Please ensure that the Redirect Uri matches with the Azure app registration Web redirect URI.
Also, please check the IAM pod logs for error details.

kubectl logs -n <ifs namespace> -l app=ifsapp-iam -c ifsapp-iam --tail=20

A few other observations:

  • I notice that you are using the V1 endpoints. The V2 endpoints are also usable.
  • How do you plan to map Azure users to IFS Cloud? Azure email? Please take special notice in Azure that what looks like an email address is usually the UPN. Check the full Azure user properties.

Best regards -- Ben


Hi @Ben Monroe ,

 

On the ifsapp-iam container logs, we noticed the below error;

ERROR Rorg.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (executor-thread-0) Failed to make identity provider oauth callback: javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake

 

It seems keycloak is unable to reachout to the Azure AD to retrieve the token.The middletier cluster is hosted on an AWS EC2 instance in this environment. Are there are specific endpoints that we need to allow access from the middle tier cluster to rectify this issue? Could you please provide some information on this?

 

Thank you.


The issue was resolved by granting access to the Azure endpoints from the middle tier (cluster host).

the below endpoints were whitelisted from the cluster host.
 

 


Reply