Closed ashleyfrieze closed 1 year ago
@vscheuber please advise
@ashleyfrieze you can try specifying the realm. Admin federation configuration is stored in the root realm, not in alpha or bravo:
% frodo idp list volker-dev /
Lists the correct provider for me. I'm currently running the new pre-release 2.0.0 code so I am not able to test the export, yet. Please try the export using the latest frodo version (<2.0.0).
In your examples you are quoting the frodo idm command... I assume you are using frodo idp?
@ashleyfrieze I added frodo admin federation sub-commands list, export, and import in frodo-cli 0.24.6-1 (a pre-release). If you could give it a good shake that would be great.
@vscheuber - not looking good at all, I'm afraid. I'm having general bad times attempting to use a pre-existing service account added via frodo conn add. The frodo admin federation list will not accept that I've provided credentials. I've also tried using --sa-id with this command to present the service account and jwk file, but this doesn't help. I think your algorithm for detecting a token just doesn't work.
I also tried using host/username/password at command line with my own credentials. I got a timeout after 30 seconds of waiting. Not sure if that was my network connection.
@ashleyfrieze the frodo admin federation commands will only work with an admin account, not with a service account. That is not by my choice but is a security decision on the ForgeRock engineering side where only real admin user accounts have the privileges required to manage admin federation, due to the high security impact of this feature.
If you still have issues with the frodo conn save please tell me more and I'll get them fixed. I created tests around your scenario and I believe the issue you reported (#243) to be fixed.
Frodo CLI version
Describe the issue
We've presently set up an Azure AD integration in our sandbox. We can see this mentioned when we run this command:
However when I run a command to export all the IDP settings, even though my service account has ALL possible permissions, I get errors:
Is it even possible to do this? Is the limitation with Frodo or the FR tenant?