We have a self-hosted Temporal which is deployed using the latest Helm charts. We have enabled SSO using Azure AD and I am able to log in successfully.
Web-UI version: 2.31.0
When I click the log-out button in the web-ui, the page gets redirected to the login page, where we can see the “Continue to SSO” button. Once I click the “Continue to SSO” button, the UI loads directly with the previous session/cookies, without redirecting to the SSO page.
We have added the following envs in the values.yaml:
additionalEnv:
  - name: TEMPORAL_AUTH_ENABLED
    value: "true"
  - name: TEMPORAL_AUTH_PROVIDER_URL
    value: https://login.microsoftonline.com/<tenant-id>/v2.0
  - name: TEMPORAL_AUTH_CLIENT_ID
    value: <myclientId>
  - name: TEMPORAL_AUTH_CLIENT_SECRET
    value: <myclientSecret>
  - name: TEMPORAL_AUTH_CALLBACK_URL
    value: https://<mydomain.abcd.com>/auth/sso/callback
  - name: TEMPORAL_AUTH_SCOPES
    value: openid,profile,email
Let me know if I have missed something during SSO setup, or is this a known bug?
One more observation: the web-ui pod shows an error with TEMPORAL_AUTH_PROVIDER_URL as https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
[media@bastion 1.25.0]$ kubectl logs -f temporaldev-web-6768b64bc9-7k4jr -n temporal
2024/10/06 02:53:35 Loading config; env=docker,configDir=config
2024/10/06 02:53:35 Loading config files=[config/docker.yaml]
2024/10/06 02:53:35 Loading config; env=docker,configDir=config
2024/10/06 02:53:35 Loading config files=[config/docker.yaml]
2024/10/06 02:53:35 404 Not Found:
It works fine ONLY with TEMPORAL_AUTH_PROVIDER_URL as https://login.microsoftonline.com/{tenant-id}/v2.0