
OpenID Setup

Rob_M22 Posts: 1 New member
edited June 4, 2024 2:41PM in Redgate Monitor
We are attempting to change our authentication method from AD to OpenID.  We tried this a while back and were locked out of our system.  We are now trying to perform the change in our Test environment but continue to see the same results (locked out).  We have followed the documentation from Redgate but are obviously missing something.  Has anyone successfully implemented this?

Links to documentation...

https://documentation.red-gate.com/sm/adding-sql-monitor-users/authenticating-with-openid-connect
https://productsupport.red-gate.com/hc/en-us/articles/14580128964125-Setting-up-OpenID-Connect-OIDC-with-Entra-ID-in-Redgate-Monitor

Our group does not have the permissions to the Azure/Entra ID setup and configuration, but we do know the "App" has been created. I will be transparent: I am not sure if it was done correctly, but our Data Center Operations did follow the documentation.

We also would like to have some clarification on the OpenID setup screen from the documentation. We feel we have the correct information in the Authority and Claim ID. For the "Claims" section for username and group, I was given the Token Configuration Claim column name information from the Entra ID setup.

For the Redgate Monitor administration "User or group", I am using my username (email address).

I would appreciate any feedback, additional documentation, or help with making this change.

Our monitor webpage returns this when we are locked out.

An internal server error has occurred

Sorry, something in Redgate Monitor has gone wrong.

Try refreshing the page - the problem may be temporary.

To help us diagnose the problem, please email us with the following:

  • The page the error occurred on.
  • If the error is reproducible, the steps to reproduce it.
  • The log files.
  • The time the error occurred: 6/4/2024 1:52:21 PM

Back to the previous page

Answers

    Hello Rob,
    Thanks for the update on your end.
    We would recommend acquiring and decoding the JWT Token to make sure your inputs for the OIDC page in Redgate Monitor are correct based on what's being returned by the token.

    You can do so via the following directions:

    1. Open your browser to a blank tab, then open the developer console (usually F12), click the Network tab and check the "Preserve log" box.

    2. Navigate to the SQL Monitor URL; one of the entries should be the OIDC request back from your OIDC provider.

    3. Now click on the openidconnectaccount entry.

    4. In the Headers tab that is automatically selected, scroll to the bottom and see if it has a section for Form data and an entry named id_token.

    That will have the content of whatever is returned from your OIDC provider. In the case above, the id_token is the JWT token that contains the information.

    5. You can then copy the value and enter it into a page such as https://adfshelp.microsoft.com/JwtDecoder/GetToken to decode the token and see what was returned.


    Please let us know if that helps you out.

    Thanks!

    Sean Quigley | Product Support Engineer | Redgate Software

    Have you visited our Help Center?
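
Steps 4 and 5 of the answer above can also be done locally, so the copied id_token never leaves the workstation. This is an added example, not part of the original thread or Redgate's code; the sample token, the claim names and the rule for matching the "User or group" entry are constructed assumptions.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    """Decode one base64url JWT segment, restoring the padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def decode_id_token(token: str) -> dict:
    """Return the claims of a JWT. Inspection only: the signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(parts)}")
    return json.loads(b64url_decode(parts[1]))

def find_problems(claims: dict, username_claim: str, group_claim: str, admin: str) -> list:
    """Compare the token with the claim names and admin entry typed into the OIDC page."""
    problems = []
    for label, name in (("username", username_claim), ("group", group_claim)):
        if name not in claims:
            problems.append(f"{label} claim '{name}' not in token; present: {sorted(claims)}")
    user = claims.get(username_claim)
    groups = claims.get(group_claim, [])
    groups = [groups] if isinstance(groups, str) else list(groups)
    # Assumption: the admin entry must equal the username value or one group value.
    if admin != user and admin not in groups:
        problems.append(f"admin entry '{admin}' matches neither {user!r} nor {groups}")
    return problems

def _encode(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token (placeholder issuer and audience, fake signature).
SAMPLE_CLAIMS = {
    "iss": "https://login.example.invalid/tenant-placeholder/v2.0",
    "aud": "client-id-placeholder",
    "preferred_username": "rob@example.invalid",
    "groups": ["00000000-0000-0000-0000-000000000001"],
}
SAMPLE_TOKEN = ".".join([_encode({"alg": "RS256"}), _encode(SAMPLE_CLAIMS), "c2ln"])

if __name__ == "__main__":
    claims = decode_id_token(SAMPLE_TOKEN)
    print(json.dumps(claims, indent=2))
    # Hypothetical settings: "email" is deliberately absent from the sample token.
    for problem in find_problems(claims, "email", "groups", "rob@example.invalid"):
        print("MISMATCH:", problem)
```

Replace `SAMPLE_TOKEN` with the id_token value copied from the Form data section and pass the claim names and admin entry exactly as entered on the OIDC page.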




