Authentication / openid_connect with entraID (groups)

sil 13
Viewed 63

Hello at all

i have two questions. while the first one is a general one, the second one is specificly to openid_connect with azure EntraID

1.) Is it poosible to have two or more Authentication Provider? I would like to use internal and openid_connect - or can just one provider be active?

2.) i managed to configure openid_connect with Microsoft Azure and EntraID. When a User logs in, he is created on chirpstack and even my endpoint for the provisioning is called. unfortunately i was not able to get group informations in this post request so far - and i need this, to decide which tenant the user belongs to. So my question: did anyone manage to get the groups of the user from EntraID/Azure to chirpstack?

-> scope groups is not supported in EntraId/Azure.

Thanks for any help

troubleshooting configuration chirpstack
2 Answers
  1. Only one provider is supported.
  2. I can not answer this question, I was thinking about scopes, but if this is not supported, then I do not know if there is an other way to get group information.
Orne Brocaar916

Thanks for answer to question one. maybe someone else can help with question two :-)

sil

I have done some further research. As I understand it, Entra ID provides the group claim in the ID token, but not in the access token. Unfortunately, I haven't managed to get the group claim into the access token.

ChirpStack only uses the ID token to verify the user's identity. After that, for the data query, it uses the UserInfo endpoint with the access token. And there, no groups are displayed.

if anyone else found a solution, please let me know

sil13
Related
Backup and Restore Network session key
2 answers
Join-request received by gateway and seen in ChirpStack troug/ no join-accept (AU915)
1 answers
Chirpstack Dashboard Not Showing Active Device
1 answers
Problem on uplink devices
2 answers
Can not see device events in web-interface
Authentication / openid_connect with entraID (groups)
2 answers