File: support/azure/azure-kubernetes/security/troubleshoot-aks-control-plane-authentication-external-identity-providers.md
6 additions & 6 deletions
@@ -1,6 +1,6 @@
1
1
---
2
2
title: Troubleshoot AKS control plane authentication using external identity providers
3
-
description: Helps you troubleshoot authentication issues when accessing the Azure Kubernetes Service control plane using external identity providers like Google Identity or GitHub Actions OIDC.
3
+
description: Helps you troubleshoot authentication issues when accessing the Azure Kubernetes Service control plane using external identity providers
This article helps you troubleshoot authentication issues when accessing the Azure Kubernetes Service (AKS) control plane using external identity providers such as Google Identity or GitHub Actions OIDC through the JWT authenticator feature.
19
+
This article helps you troubleshoot authentication issues when accessing the Azure Kubernetes Service (AKS) control plane using external identity providers.
20
20
21
21
## Prerequisites
22
22
23
-
- Azure CLI version 2.61.0 or later. Run `az --version`to find the version. If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
23
+
- Azure CLI version 2.61.0 or later. To find the version run `az --version` . If you need to install or upgrade, see [Install Azure CLI](/cli/azure/install-azure-cli).
24
24
- A tool to connect to the Kubernetes cluster, such as the `kubectl` tool. To install `kubectl` using the Azure CLI, run the [az aks install-cli](/cli/azure/aks#az-aks-install-cli) command.
25
25
- The JWT authenticator configuration file used for your AKS cluster.
26
26
- Access to [jwt.ms][jwt-ms] or a similar JWT token decoder tool for debugging tokens.
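Review bot: The rewritten intro sentence (new line 19) drops "through the JWT authenticator feature", yet the Prerequisites list right below it still asks for "The JWT authenticator configuration file", so the term now appears without being introduced. Consider keeping the feature name in the intro, for example ending the sentence with "external identity providers through the JWT authenticator feature." Two smaller points in the same region: the new `description:` value, as shown here, ends without the closing period the old one had, and the reworded Azure CLI bullet reads "To find the version run `az --version` ." with no comma after "version" and a stray space before the period; "To find the version, run `az --version`." would fix both.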
@@ -34,7 +34,7 @@ Ensure your identity provider is correctly configured and accessible:
34
34
::: zone pivot="github"
35
35
36
36
1. Verify your GitHub repository has Actions enabled.
37
-
2. Confirm the OIDC provider settings are correctly configured in your workflow.
37
+
2. Confirm the OpenID Connect (OIDC) provider settings are correctly configured in your workflow.
38
38
3. Ensure the audience claim in your workflow matches the authenticator configuration.
39
39
40
40
::: zone-end
@@ -175,7 +175,7 @@ Example configuration:
175
175
176
176
### Step 4: Decode and verify JWT tokens
177
177
178
-
Obtain and inspect the JWT token to verify claims:
178
+
To verify claims obtain and inspect the JWT token:
179
179
180
180
::: zone pivot="github"
181
181
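Review bot: The new lead-in on line 178, "To verify claims obtain and inspect the JWT token:", is missing the comma after its introductory phrase, which makes "claims obtain" read as one unit. Suggest "To verify claims, obtain and inspect the JWT token:".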
@@ -206,7 +206,7 @@ Obtain and inspect the JWT token to verify claims:
206
206
2. Decode the token at [jwt.ms][jwt-ms] and verify:
207
207
- The `iss` claim matches your issuer URL exactly
208
208
- The `aud` claim matches your configured audience
209
-
- The token is not expired (`exp` claim)
209
+
- The token isn't expired (`exp` claim)
210
210
- Required claims for username and groups are present
211
211
- Claims match the format expected by your CEL expressions
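Review bot: The expiry bullet on line 209 is the only item in this checklist that names its claim in a trailing parenthetical, while the sibling bullets lead with it ("The `iss` claim matches ...", "The `aud` claim matches ..."). Since the line is being touched anyway, consider aligning it, for example "The `exp` claim shows the token isn't expired", so a reader scanning the decoded token can match each bullet to a claim name in the same position.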