Open kamikazechaser opened 7 months ago
Hi KamikazeChaser, we've successfully integrated Google SSO by following our guide. Give me 5 minutes, and I'll dig out our management.json config for you.
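Note that we deploy NetBird with Terraform, so the `${...}` expressions in the file below are Terraform interpolations rather than literal values, and the credentials have been masked with asterisks. If any of the syntax looks unusual, give me a shout.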
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:******:443",
"Username": "*******",
"Password": "*******"
},
{
"Proto": "tcp",
"URI": "stun:*********:443",
"Username": "*******",
"Password": "********"
}
],
"TURNConfig": {
"Turns": [
{
"Proto": "dtls",
"URI": "turns:******:5349",
"Username": "******",
"Password": "******"
}
],
"CredentialsTTL": "12h",
"Secret": "********",
"TimeBasedCredentials": false
},
"Signal": {
"Proto": "https",
"URI": "access.${data.aws_route53_zone.netbird_hosted_zone.name}:443",
"Username": "",
"Password": null
},
"StoreConfig": {
"Engine": "jsonfile"
},
"HttpConfig": {
"Address": "0.0.0.0:443",
"AuthAudience": "$OIDC_CLIENT_ID",
"AuthUserIDClaim": "sub",
"OIDCConfigEndpoint": "${var.oidc_configuration_endpoint}"
},
"IdpManagerConfig": {
"ManagerType": "${var.netbird_management_idp}",
"ClientConfig": {
"Issuer": "${local.oidc_openid_configuration.issuer}",
"TokenEndpoint": "${local.oidc_openid_configuration.token_endpoint}",
"ClientID": "$OIDC_CLIENT_ID",
"ClientSecret": "$OIDC_CLIENT_SECRET",
"GrantType": "client_credentials"
},
"ExtraConfig": {
"CustomerId": "$GOOGLE_WORKSPACE_CUSTOMER_ID",
"ServiceAccountKey": "$GOOGLE_WORKSPACE_SA_KEY"
}
},
"DeviceAuthorizationFlow": {
"Provider": "none",
"ProviderConfig": {
"Audience": "$OIDC_CLIENT_ID",
"ClientID": "$OIDC_CLIENT_ID",
"ClientSecret": "$OIDC_CLIENT_SECRET",
"Scope": "${local.oidc_supported_scopes}",
"UseIDToken": true
}
},
"PKCEAuthorizationFlow": {
"ProviderConfig": {
"Audience": "$OIDC_CLIENT_ID",
"ClientID": "$OIDC_CLIENT_ID",
"ClientSecret": "$OIDC_CLIENT_SECRET",
"DeviceAuthEndpoint": "${local.oidc_openid_configuration.device_authorization_endpoint}",
"Scope": "${local.oidc_supported_scopes}",
"RedirectURLs": [
"http://localhost:53000/"
],
"UseIDToken": true
}
}
}
Describe the problem
I have set up a self-hosted server as per the guide. I can log in to the dashboard with my Google Workspace account. However, the command
netbird up --management-url $DOMAIN
fails with:
I also attempted to use the Android app; it prompted me for a Setup Key, which I created and pasted into the app. The app returned:
On the server, I saw these logs from the dashboard container in both instances:
To Reproduce
Attempt to add a device using the Debian CLI or the Android app on a self-hosted instance using Google as the IdP.
Expected behavior
Successfully add a device.
Are you using NetBird Cloud?
Self-hosted
NetBird version
netbird version
0.26.0
on both client and server (signal, management).
Additional context
Dashboard env:
management.json
openid-configuration.json: