Workflow for OIDC login on Linux

Hi,

Apologies for another OIDC-related topic; my testing on Windows and Mac has been going well, but now I'm trying to test on Linux with less success.

Is there a link to working with the edge tunneller on Linux and OIDC? I've not been having much luck so far.

I've tried enrolling the network JWT, but I get a message that the ziti context is disabled. I've also tried the add function, which doesn't complain about the context - it says it was successful. I then try logging in with ext-jwt-login but get a "ziti context not found".

ziti-edge-tunnel dump gives a success but no data. The logs show the identity being loaded, and the external auth configuration. I see ext auth: login_with_ext_signer, and the identity being updated to action 'needs_ext_login'.

I'm hoping there is some documentation I've overlooked, like last time!

Read through this thread. There's a bug that makes using it more difficult than it needs to be on Linux at this time. I think if you read that thread you'll find what you need.

That works, thanks.

For anyone else who might find this in the future:

ziti-edge-tunnel add --jwt "$(< .network.jwt)" --identity myidentity
ziti-edge-tunnel ext-jwt-login --identity /opt/openziti/etc/myidentity.json --provider "Name of JWT Signer"

Some notes:

For ext-jwt-login, the identity path has to be absolute. I also had to pass the name of the External JWT Signer as the provider.

This then returns a URL which you can use to authenticate - and you'll have to fix the escaped slashes at the start first too.

But it works :)
