We are attempting to get Concourse working via OIDC so our team can log into it using their Google accounts. This is working, however we then attempted to restrict the domain to only be our organization via the following setting:
we get the error unexpected hd claim ***********.com
I can confirm that this is indeed setting the correct environment variable in the web pod:
kubectl describe pod -n concourse <pod ID>
CONCOURSE_OIDC_HOSTED_DOMAINS: [<*********>.com]
I have experimented with wildcards as well, such as simply doing this:
...
hostedDomains:
- "*"
...
However whenever signing in, no matter what value is set for hostedDomains we get this error:
unexpected hd claim ***********.com
We have browsed through the Dex Code that appears to handle this, and it looks like a simple string comparison, not sure how this could not be working unless I am possibly missing another setting?
We are attempting to get Concourse working via OIDC so our team can log into it using their Google accounts. This is working, however we then attempted to restrict the domain to only be our organization via the following setting:
we get the error
unexpected hd claim ***********.comI can confirm that this is indeed setting the correct environment variable in the
webpod:kubectl describe pod -n concourse <pod ID>I have experimented with wildcards as well, such as simply doing this:
However whenever signing in, no matter what value is set for
hostedDomainswe get this error:We have browsed through the Dex Code that appears to handle this, and it looks like a simple string comparison, not sure how this could not be working unless I am possibly missing another setting?
Thanks.