How to correctly set up Azure AD for Spinnaker?

Swaroop 25 Reputation points
2023-08-29T17:47:53.3433333+00:00

I'm receiving the following error in the browser when I log in to my Azure AD for OAuth with Spinnaker.

{"timestamp":1693330847528,"status":401,"error":"Unauthorized","message":"Unauthorized"}

At the same time, the logs on the Spinnaker side say:

2023-08-29 16:25:35.156 WARN 1 --- [0.0-8084-exec-9] c.n.s.gate.filters.FiatSessionFilter : Authenticated user was not present in authenticated request. Check authentication settings.

I can share more information if required. Any help will be much appreciated. Thanks!

Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Givary-MSFT 35,626 Reputation points Microsoft Employee Moderator
    2023-08-31T14:33:51.53+00:00

    @Swaroop I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: How to correctly set up Azure AD for Spinnaker?

    Receiving the following error in the browser when I log in to my Azure AD for OAuth with Spinnaker.

    {"timestamp":1693330847528,"status":401,"error":"Unauthorized","message":"Unauthorized"}

    At the same time, the logs on the Spinnaker side say:

    2023-08-29 16:25:35.156 WARN 1 --- [0.0-8084-exec-9] c.n.s.gate.filters.FiatSessionFilter : Authenticated user was not present in authenticated request. Check authentication settings.

    Resolution: Resolved by @Swaroop. Below are the steps and reference links.

    This is a new configuration; you were trying to change the OAuth for Spinnaker from GitHub (which works) to Azure AD. I followed the steps mentioned here and here.

    This has been resolved. It turns out the client secret wasn't decoded properly (the trailing newline character had to be excluded) in the Kubernetes secret. It should be either

    echo -n '<client_secret>' | base64

    and then copy the output to a secret

    or

    kubectl -n spinnaker create secret generic spin-secrets --from-literal=oauth-client-secret-azure=<client_secret>

    and not:

    echo '<client_secret>' | base64

    If you have any other questions or are still running into more issues, please let me know.
    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
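
The following is an added example, not part of the original post or of Spinnaker's documentation. It shows the difference between the two encodings described in the answer and a check that a base64-encoded secret value does not end in a newline. The sample secret is a constructed placeholder, the function names are hypothetical, and the namespace, secret name and key are the ones quoted in the post.

```shell
#!/usr/bin/env bash
# Added example. SAMPLE is a constructed placeholder, not a real client secret.
SAMPLE='Constructed~Client.Secret-123'

# What `echo '<client_secret>' | base64` produces: echo appends "\n",
# so the newline becomes part of the encoded secret.
encode_with_echo() { echo "$1" | base64; }

# What `echo -n '<client_secret>' | base64` produces; printf '%s' is the
# portable way to emit the value with no trailing newline.
encode_exact() { printf '%s' "$1" | base64; }

# Succeeds (exit 0) when a base64 string decodes to bytes ending in LF or CR.
has_trailing_newline() {
  local last
  last=$(printf '%s' "$1" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ] || [ "$last" = "0d" ]
}

# Check the key from the post in a live cluster (requires kubectl access).
# Not called here, so the block runs offline.
check_cluster_secret() {
  local b64
  b64=$(kubectl -n spinnaker get secret spin-secrets \
        -o jsonpath='{.data.oauth-client-secret-azure}') || return 2
  if has_trailing_newline "$b64"; then
    echo "oauth-client-secret-azure ends with a newline: recreate the secret"
    return 1
  fi
  echo "oauth-client-secret-azure has no trailing newline"
}

# Offline demonstration on the constructed value: first line BAD, second OK.
for enc in "$(encode_with_echo "$SAMPLE")" "$(encode_exact "$SAMPLE")"; do
  if has_trailing_newline "$enc"; then
    echo "BAD  $enc"
  else
    echo "OK   $enc"
  fi
done
```

Run `check_cluster_secret` from a shell with access to the cluster to test the deployed secret; it prints only the verdict, never the decoded value.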
