Integrating Kasm with MS Azure Internal OIDC

Recently, I faced issues integrating Kasm with Microsoft Azure Internal OIDC due to outdated documentation. After some trial and error, I got it to work.

Here's the list of inaccuracies in the documentation.

  1. Step 17 is no longer required. sid will be automatically included in the token. You will not be able to find it in the dropdown menu.
  2. For Step 18, add User.Read to the scope. The full scope should include openid profile email User.Read, with each in its own line. I also added these attributes as delegated type under the API permissions tab on the Azure Entra application.
  3. If you get an OIDC login rejected: Non OIDC user error, the OIDC authentication is working correctly. This error indicates that you have a local user that has the same email as the OIDC account you are trying to login with, you will need to change the email address of your local user.


Tags: Security, Server

Similar Articles

IP Hiding and Cloaking for Services - It is relatively easy to hide the IP address of clients through the use of VPNs and proxies. However, it is a challenge for services since they need to be reachable by the clients. Imagine if ...
Enumerate sites hosted on same IP - Enumerating sites which are hosted on the same IP address can sometimes tell us a lot about a server. Is it shared hosting? Is it a legitimate server which was compromised for C2 operations? Does ...
Yubikey WSL: Agent refused operation - I recently had problems using my Yubikey GPG key to SSH from my WSL instance to a linux server. After the usual checks, it seemed like it was a client side error sign_and_send_pubkey: signing ...
RAID is not backup - A number of friends have recently sought my advice on NAS and RAID solutions for storing their personal data. I do not usually give brand recommendations but I will discuss the technology ...