SSO: add debug logging when translating claims via binding rules #16360
Assignees
Labels
hcc/jira
stage/accepted
Confirmed, and intend to work on. No timeline committment though.
theme/auth
theme/core
type/enhancement
Comments
jrasell
added
type/enhancement
theme/core
theme/auth
stage/accepted
|
Any updates on this? It would be super nice to see what's going on without needing to MitM my own network just to see the data that goes into the evaluation. |
|
Hi @jinnatar, there is no update currently. When the team has updates we will post them in the issue and when it's being worked on, the issue will be assigned to that engineer. |
|
Any chance to have this addressed soon? Configuring SSO is not trivial, and doing it in the dark makes it even worse. |
|
We are considering this as part of some work we are doing around SAML integration in the next major release. |
6 tasks
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When configuring SSO via binding-rule and authentication providers, it can be tricky to understand exactly what the provider is returning and how the binding rules are being evaluated. This trickiness is because Nomad does not expose any information it receives during login, or regarding the translation phase.
Nomad should therefore be enhanced so that operators can optionally enable debugging to understand this process and make configuring SSO easier. Due to the very sensitive nature of this information, we should be careful how this is enabled, and it probably shouldn't be tied to the agents log level. Consul has an isolated configuration parameter to expose this debug information.
The text was updated successfully, but these errors were encountered: