mlbiam
commented
6 months ago sorry for not getting back sooner.
It sounds like you have a single openunison for each cluster, all integrated directly into azuread?
Closed mysiki closed 6 months ago
mlbiam
commented
6 months ago sorry for not getting back sooner.
It sounds like you have a single openunison for each cluster, all integrated directly into azuread?
mysiki
commented
6 months ago Hey, no problem.
I have one openunison by cluster (so 5 cluster, 5 openunison), all the openunison are integrated into azure AD under the same EntraID.
Each openunison have her own Entreprise App in entraID. It seems than openunison always request to refresh the token without using the existing one.
Take not than when an openunison in connected, it ok for himeself.
example :
Maybe I miss someting in configuration to allow it to use the existing token.
mlbiam
commented
6 months ago Got it. By default, we force re-authentication in our integration with oidc identity providers which is why even though you already have a session with Entra you are asked to authenticate again when accessing another cluster. Try setting oidc.forceauthentication: false in your values.yaml and re-deploy.
mysiki
commented
6 months ago 👍 Work like a charm ! Thx
Hello,
I have few k8s cluster with openunission deploy on each with Azure AD SSO. Each openunission use different Azure application under the same EntraID. The SSO work well but I need to login on each k8s event if I'm already login, the SSO token seems not be use by openunission.
I use std configuration describe in documentation. Can you give me some help to understand and setup correctly openunission in order to reuse existing token ?
Nota : I have many other application under the SSO that work corretly.
I can provide configuration if needed, just ask me what you need.