Trying to get secondary OIDC authentication working in Mac tunneler

Hi all!

I can successfully enroll and connect my macOS device using the default auth policy. I can also create an ext JWT provider (authentik) and enroll using the JWT token file from the "Download network JWT" button and a new auth policy.

Now I'm trying to have a primary cert and a secondary OIDC policy. The policy:

{
  "name": "Hybrid device and human",
  "primary": {
    "cert": {
      "allowExpiredCerts": false,
      "allowed": true
    },
    "extJwt": {
      "allowed": false,
      "allowedSigners": []
    },
    "updb": {
      "allowed": false,
      "lockoutDurationMinutes": 0,
      "maxAttempts": 5,
      "minPasswordLength": 5,
      "requireMixedCase": false,
      "requireNumberChar": false,
      "requireSpecialChar": false
    }
  },
  "secondary": {
    "requireExtJwtSigner": "3UVqO63Q0SFrr17b48eG3g",
    "requireTotp": false
  },
  "tags": {}
}

If I simply add the enrollment JWT to the Mac tunneler and then try connecting, it stays yellow. If I add the one I used for the primary ext JWT, it also stays yellow (I think it's trying to do the primary external OIDC).

The one with external OIDC as secondary doesn't show any signs of the OIDC; the popup with the "open browser" button never appears.

What am I doing wrong?
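Added example, not part of the original post and not OpenZiti code: a small model of how a policy like the one above combines its "primary" and "secondary" sections, using the poster's JSON verbatim. The evaluation rules are an assumption stated in the comments (one allowed primary method must be satisfied; if `requireExtJwtSigner` is set, a JWT from that signer id must also be presented), the credential dicts are constructed, and no real JWT parsing or signature verification is done. It makes the distinction the post is circling concrete: a JWT alone cannot satisfy this policy because `primary.extJwt.allowed` is false, and a cert alone cannot either because the secondary signer is required.

```python
import json

# The auth policy from the post, verbatim.
POLICY_JSON = """
{
  "name": "Hybrid device and human",
  "primary": {
    "cert": {"allowExpiredCerts": false, "allowed": true},
    "extJwt": {"allowed": false, "allowedSigners": []},
    "updb": {"allowed": false, "lockoutDurationMinutes": 0, "maxAttempts": 5,
             "minPasswordLength": 5, "requireMixedCase": false,
             "requireNumberChar": false, "requireSpecialChar": false}
  },
  "secondary": {"requireExtJwtSigner": "3UVqO63Q0SFrr17b48eG3g", "requireTotp": false},
  "tags": {}
}
"""
POLICY = json.loads(POLICY_JSON)


def primary_satisfied(policy, creds):
    """Return the list of primary methods the presented credentials satisfy.

    Assumed model (not the controller's real logic): a method counts only when
    the policy allows it AND the client presents that credential.
    creds keys used: 'cert' ({'expired': bool}), 'ext_jwt_signers' (list of
    signer ids), 'updb' (bool).
    """
    p = policy["primary"]
    satisfied = []
    cert = creds.get("cert")
    if cert and p["cert"]["allowed"]:
        if not cert.get("expired") or p["cert"]["allowExpiredCerts"]:
            satisfied.append("cert")
    ext = p["extJwt"]
    for signer in creds.get("ext_jwt_signers", []):
        # An empty allowedSigners list is assumed to mean "any configured signer".
        if ext["allowed"] and (not ext["allowedSigners"] or signer in ext["allowedSigners"]):
            satisfied.append("extJwt:" + signer)
    if creds.get("updb") and p["updb"]["allowed"]:
        satisfied.append("updb")
    return satisfied


def evaluate(policy, creds):
    """Return (ok, reasons): a primary method must succeed, then every
    secondary requirement must hold as well (assumed model)."""
    reasons = []
    if not primary_satisfied(policy, creds):
        reasons.append("no allowed primary method satisfied")
    s = policy["secondary"]
    required = s.get("requireExtJwtSigner")
    if required and required not in creds.get("ext_jwt_signers", []):
        reasons.append(f"secondary: JWT from signer {required} required but not presented")
    if s.get("requireTotp") and not creds.get("totp"):
        reasons.append("secondary: TOTP required but not presented")
    return (not reasons, reasons)


SIGNER = "3UVqO63Q0SFrr17b48eG3g"

# Constructed scenarios mirroring the attempts described in the post.
SCENARIOS = {
    "cert only": {"cert": {"expired": False}},
    "jwt only": {"ext_jwt_signers": [SIGNER]},
    "cert + jwt": {"cert": {"expired": False}, "ext_jwt_signers": [SIGNER]},
    "cert + wrong jwt": {"cert": {"expired": False}, "ext_jwt_signers": ["other-signer"]},
}

if __name__ == "__main__":
    for name, creds in SCENARIOS.items():
        ok, reasons = evaluate(POLICY, creds)
        print(f"{name:18} -> {'OK' if ok else 'FAIL'} {reasons}")
```

Only the "cert + jwt" scenario passes: the device cert satisfies the primary section and the JWT from signer `3UVqO63Q0SFrr17b48eG3g` satisfies the secondary section. A JWT presented on its own is rejected at the primary step regardless of which signer issued it, because this policy disables `extJwt` as a primary method.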