idp/entra hardcodes to graph.microsoft.com in 4 instances below. Likely left over during development?

sssd/src/oidc_child/oidc_child_id.c, line 114 in 0458e65:

    uri = talloc_asprintf(rest_ctx, "https://graph.microsoft.com/v1.0/users?$filter=%s", filter_enc);

Currently the configuration already lets you change the graph URL for userinfo and idp_id_scope.

sssd/src/man/sssd-idp.5.xml, line 257 in 0458e65:

    idp_userinfo_endpoint = https://graph.microsoft.com/v1.0/me

Some Entra tenants are on the microsoft.us domain, which results in Microsoft sending 401 on lookups when oidc attempts to talk to the hardcoded URLs at graph.microsoft.com.

Can confirm replacing the code from graph.microsoft.com to graph.microsoft.us solves the issue.

Using release 2.11.1.
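One way to avoid the hardcoded host is to derive the Graph base ("scheme://host") from the already configurable idp_userinfo_endpoint and build the users lookup URL from that, so a tenant configured with graph.microsoft.us never contacts graph.microsoft.com. The block below is an added example written for this issue, not SSSD's own code: it uses plain C with malloc instead of talloc, the function names graph_base_from_url and build_users_filter_url are hypothetical, and the filter value is assumed to be URL-encoded already (as filter_enc is in the snippet above). It only accepts https endpoints, since the bearer token travels on this connection.

```c
/* Added example, not SSSD code. Derive the Graph API base from the configured
 * idp_userinfo_endpoint instead of hardcoding graph.microsoft.com, so tenants on
 * a sovereign cloud (e.g. graph.microsoft.us) reach the right host.
 * Function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy "scheme://host[:port]" from url into out.
 * Returns 0 on success, -1 if the URL is not https, has no host, or out is too small. */
int graph_base_from_url(const char *url, char *out, size_t outlen)
{
    if (url == NULL || out == NULL) return -1;
    if (strncmp(url, "https://", 8) != 0) return -1;   /* refuse plaintext endpoints */

    const char *host = url + 8;                        /* first char after "https://" */
    const char *end = strchr(host, '/');               /* start of the path, if any */
    size_t len = end ? (size_t)(end - url) : strlen(url);

    if (len == (size_t)(host - url)) return -1;        /* empty host, e.g. "https:///me" */
    if (len + 1 > outlen) return -1;                   /* leave room for the NUL */

    memcpy(out, url, len);
    out[len] = '\0';
    return 0;
}

/* Build "<base>/v1.0/users?$filter=<filter_enc>" on the heap; caller frees.
 * filter_enc must already be URL-encoded, as in the original snippet. */
char *build_users_filter_url(const char *base, const char *filter_enc)
{
    if (base == NULL || filter_enc == NULL) return NULL;
    const char *fmt = "%s/v1.0/users?$filter=%s";
    int n = snprintf(NULL, 0, fmt, base, filter_enc);  /* measure first */
    if (n < 0) return NULL;
    char *uri = malloc((size_t)n + 1);
    if (uri == NULL) return NULL;
    snprintf(uri, (size_t)n + 1, fmt, base, filter_enc);
    return uri;
}

int main(void)
{
    /* Constructed sample: a microsoft.us tenant's configured userinfo endpoint. */
    const char *userinfo = "https://graph.microsoft.us/v1.0/me";
    char base[128];
    if (graph_base_from_url(userinfo, base, sizeof base) != 0) {
        fprintf(stderr, "bad idp_userinfo_endpoint: %s\n", userinfo);
        return 1;
    }
    char *uri = build_users_filter_url(base, "userPrincipalName%20eq%20'alice@example.com'");
    if (uri == NULL) return 1;
    printf("%s\n", uri);   /* host follows the configured endpoint, not a constant */
    free(uri);
    return 0;
}
```

With this shape the users, groups and any other Graph calls share one base derived from configuration, so a tenant on a different Microsoft cloud only needs to change idp_userinfo_endpoint, and a mis-set plaintext endpoint is rejected before any token is sent.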