AAD Integration with Speckle running in Azure K8s

shiangoli · September 14, 2023, 9:18am

We have integrated Speckle with AAD and the AAD authentication appears to be working. In that we get the AAD login see below then if we are off the company network we subsequently get the usual 3rd party multi factor authentication however it then returns us back to the original page effectively not logging onto the Speckle dashboard see second screen shot

When viewing the Speckle server pod logs it would appear there is an issue inserting a null value into the table “api_tokens” for the column “owner”. Please see error in screen shot below. We have enabled ID tokens for the AAD Application Registration under authentication. Any ideas what this might be? Does this mean the user needs to be registered before attempting to login? If so how will this work. I feel there is something missing

gjedlicska · September 15, 2023, 8:26am

Hey @shiangoli

Good to hear that you are progressing with the AAD setup; it is a tedious process.

With an SSO login, the initial login flow will register the user if it’s not yet registered on the server. So you do not need to do anything about that.

Are you, by any chance, using a SAML SSO app instead of an OIDC one? We’ve recently noticed that our setup steps don’t include the strict requirement of OIDC for the AAD flow to work.

If that is not the issue, a longer snapshot of your logs would be needed to know what is happening. Probably the user creation step is not successful, so there is no user record to attach the frontend API token to.