-
Bug
-
Resolution: Done
-
Blocker
-
quay-v3.11.0
-
False
-
None
-
False
-
-
-
0
Description:
This is an issue found in Quay 3.11 when configuring Quay to use OIDC authentication, and allow team syncing from Azure OIDC Groups, after login Quay with Azure user via OIDC successfully, create new team and click 'Enable Directory Synchronization', waiting for some time, found can't see new team members sync from Azure OIDC groups, checked Quay APP logs, get error "Got error when trying to iterate group members with config {}: Not supported", pls review this issue, see attached Quay APP POD logs quay311-app-pod1.logs
Azure Entra ID groups:
Quay: quay-operator-bundle-container-v3.11.0-12
Quay 3.11 can't sync team members from Azure OIDC Groups
Quay Logs:
teamsyncworker stdout | 2024-02-29 05:04:13,343 [87] [DEBUG] [data.users.teamsync] Existing membership of 0 for team `myteam1` under organization qateam via {} (#2)
teamsyncworker stdout | 2024-02-29 05:04:13,343 [87] [ERROR] [data.users.teamsync] Got error when trying to iterate group members with config {}: Not supported
Quay config.yaml:
AUTHENTICATION_TYPE: OIDC FEATURE_TEAM_SYNCING: true FEATURE_NONSUPERUSER_TEAM_SYNCING_SETUP: true AZUREID_LOGIN_CONFIG: CLIENT_ID: d38adba5-f32e-4342-b57e-bc0e6dcc4fbe CLIENT_SECRET: ******* LOGIN_SCOPES: [ 'openid', 'roles' ] PREFERRED_GROUP_CLAIM_NAME: groupNames OIDC_SERVER: https://login.microsoftonline.com/250926f3-c788-4a52-acfa-e3aac5386ac1/v2.0/ SERVICE_NAME: AzureAD
- links to
- mentioned on
