docs: add oidc configuration with ory hydra #15126
Open
+34
−0
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
edlerd
force-pushed
the
doc-oidc-ory
branch
2 times, most recently
from
ac7d775 to
0751eb8
Compare
minaelee
requested changes
Mar 7, 2025
doc/howto/oidc_ory.md
Outdated
|
|
||
| Now you can access the LXD UI with any browser and use {abbr}`SSO (single sign-on)` login. Create a user by signing up and complete the login process. | ||
|
|
||
| Users will have no permissions by default. You must set up {ref}`LXD authorization groups <manage-permissions>` to grant access to projects and instances. Map a LXD authorization group to the user. Note, that the user object in LXD will only be created on the first login of that user to LXD. |
There was a problem hiding this comment.
Suggested change
| Users will have no permissions by default. You must set up {ref}`LXD authorization groups <manage-permissions>` to grant access to projects and instances. Map a LXD authorization group to the user. Note, that the user object in LXD will only be created on the first login of that user to LXD. | |
| Users have no default permissions. You must set up {ref}`LXD authorization groups <manage-permissions>` to grant access to projects and instances. Map a LXD authorization group to the user. Note that the user object in LXD is only created on the first login of that user to LXD. |
There was a problem hiding this comment.
After following the steps, I opened the UI locally and tried Login with SSO. I received this error:
invalid_request: The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience 'https://pensive-beaver-sokgdnmdhu.projects.oryapis.com' has not been whitelisted by the OAuth 2.0 Client.
I set https://127.0.0.1:8443/oidc/callback for the Redirect URIs section. LXD UI version 5.21.3-ui-0.15. Using Firefox with cleared cache.
There was a problem hiding this comment.
The ORY interface is misleading here. We have to enter the redirect URL in the input field and then click add. I changed the description a bit to make this more clear. Same with the scope fields. Without clicking "Add", the values in the input field on creation are ignored.
There was another issue: We should not set an audience, which I updated below.
Co-authored-by: Minae Lee <minae.lee@canonical.com> Signed-off-by: David Edler <david.edler@canonical.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Done