AzureCredential credential sequence and flow

The following credential sources are tried, in order, by the AzureCredential:


  1. Environment - refer to this link for the environment variables used (https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme?view=azure-dotnet#environment-variables)
  2. Workload Identity
  3. Managed Identity
  4. Visual Studio
  5. Visual Studio Code
  6. Azure CLI
  7. Azure PowerShell
  8. Azure Developer CLI
  9. Interactive browser
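The order above matters because the chain stops at the first source that can produce a token, so a workload that was meant to use managed identity can silently authenticate as whatever developer tool happens to be logged in on the host. The following Python simulation is an added example, not Azure SDK code and not from this post: each probe reports whether its source is configured in a given environment mapping, and `resolve()` returns the first hit or raises with the list of sources it tried. The `AZURE_*` variable names for the first three sources are the documented ones; `IDENTITY_ENDPOINT` / `MSI_ENDPOINT` are the endpoint variables the managed identity credential looks for on App Service-style hosts (on a VM it queries IMDS instead, which is not modelled here); the `SIM_*` flags are constructed stand-ins for the developer-tool and browser probes, whose real detection inspects local tool state.

```python
"""Simulation of the DefaultAzureCredential-style probe order (added example,
not Azure SDK code). Probes run in the listed order; the first configured
source wins, which is how the real chain stops at the first credential that
can return a token."""
from typing import Callable, Iterable, List, Mapping, Tuple

Probe = Callable[[Mapping[str, str]], bool]

# Documented variable sets for EnvironmentCredential and WorkloadIdentityCredential.
ENV_SECRET = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
ENV_CERT = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_CERTIFICATE_PATH")
ENV_USER = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_USERNAME", "AZURE_PASSWORD")
ENV_WORKLOAD = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_FEDERATED_TOKEN_FILE")


def _all_set(env: Mapping[str, str], names: Iterable[str]) -> bool:
    return all(env.get(n) for n in names)


def _sim_flag(name: str) -> Probe:
    # Constructed stand-in for probes that inspect local tool state (IDE caches,
    # CLI login sessions, a browser). Real probes cannot be reproduced offline.
    return lambda env: env.get(name) == "1"


CHAIN: List[Tuple[str, Probe]] = [
    ("Environment", lambda env: any(_all_set(env, s) for s in (ENV_SECRET, ENV_CERT, ENV_USER))),
    ("Workload Identity", lambda env: _all_set(env, ENV_WORKLOAD)),
    # Managed identity endpoint variables on App Service / Functions style hosts;
    # the IMDS probe used on VMs is a network request and is not modelled.
    ("Managed Identity", lambda env: bool(env.get("IDENTITY_ENDPOINT") or env.get("MSI_ENDPOINT"))),
    ("Visual Studio", _sim_flag("SIM_VISUAL_STUDIO")),
    ("Visual Studio Code", _sim_flag("SIM_VSCODE")),
    ("Azure CLI", _sim_flag("SIM_AZURE_CLI")),
    ("Azure PowerShell", _sim_flag("SIM_AZURE_POWERSHELL")),
    ("Azure Developer CLI", _sim_flag("SIM_AZD")),
    ("Interactive browser", _sim_flag("SIM_BROWSER")),
]

# Sources that should never be reachable from a production workload's chain.
DEVELOPER_TOOLS = frozenset({
    "Visual Studio", "Visual Studio Code", "Azure CLI",
    "Azure PowerShell", "Azure Developer CLI", "Interactive browser",
})


class CredentialUnavailable(Exception):
    """Mirrors the aggregated 'no credential worked' failure of the real chain."""


def resolve(env: Mapping[str, str], exclude: Iterable[str] = ()) -> str:
    """Return the name of the first configured source, honouring exclusions."""
    excluded = set(exclude)
    tried = []
    for name, probe in CHAIN:
        if name in excluded:
            continue
        if probe(env):
            return name
        tried.append(name)
    raise CredentialUnavailable("no credential source configured; tried: " + ", ".join(tried))


if __name__ == "__main__":
    # Constructed environments: the managed identity endpoint alone, then the
    # same host with a developer's CLI session and the dev tools excluded.
    print(resolve({"IDENTITY_ENDPOINT": "http://127.0.0.1:41000/msi/token"}))
    try:
        resolve({"SIM_AZURE_CLI": "1"}, exclude=DEVELOPER_TOOLS)
    except CredentialUnavailable as exc:
        print(exc)
```

The `exclude=DEVELOPER_TOOLS` call is the production posture to aim for: pin the chain to the source you actually provisioned (managed identity or workload identity) so a misconfiguration fails loudly instead of falling through to a developer-tool login. The real .NET `DefaultAzureCredentialOptions` exposes `Exclude...Credential` switches for the same purpose.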




As shown in the graphic above, the API server calls the AKS webhook server and performs the following steps:

  1. kubectl uses the Microsoft Entra client application to sign in users with OAuth 2.0 device authorization grant flow.
  2. Microsoft Entra ID provides an access_token, id_token, and a refresh_token.
  3. The user makes a request to kubectl with an access_token from kubeconfig.
  4. kubectl sends the access_token to API Server.
  5. The API server is configured to call the authentication webhook server to validate the token.
  6. The authentication webhook server confirms the JSON Web Token signature is valid by checking the Microsoft Entra public signing key.
  7. The server application uses user-provided credentials to query group memberships of the logged-in user from the MS Graph API.
  8. A response is sent to the API Server with user information such as the user principal name (UPN) claim of the access token, and the group membership of the user based on the object ID.
  9. The API performs an authorization decision based on the Kubernetes Role/RoleBinding.
  10. Once authorized, the API server returns a response to kubectl.
  11. kubectl provides feedback to the user.
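Steps 6 to 8 are where the webhook decides whether to trust the token at all, and the checks have a fixed order: signature first, then issuer, audience and lifetime, and only then the identity and group lookup. The Python below is an added example of that validation core answering a Kubernetes `TokenReview`; it is not the AKS webhook's own code. The signature check is injected as a callback because real Entra tokens are RS256-signed and are verified against Entra's published signing keys, which cannot be fetched offline; the constructed test token here uses an HMAC-SHA256 stand-in, the `ISSUER` and `AUDIENCE` values are placeholders, and `lookup_groups` with its `CONSTRUCTED_GROUPS` table stands in for the MS Graph query in step 7.

```python
"""Validation core of an authentication webhook in the style of steps 6-8
(added example, not the AKS webhook's code). Signature check is injected;
the constructed fixtures use HMAC-SHA256 as a stand-in for RS256 + JWKS."""
import base64
import hashlib
import hmac
import json
import time

# Constructed placeholders; a deployment uses the tenant's issuer URL and
# the AKS server application's identifier as the expected audience.
ISSUER = "https://login.microsoftonline.com/<tenant-id-placeholder>/v2.0"
AUDIENCE = "<aks-server-app-id-placeholder>"


class AuthError(Exception):
    """Raised when the bearer token must be rejected."""


def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def parse_jwt(token):
    """Split a compact JWT into header, claims, signing input and raw signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise AuthError("malformed token")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:  # covers bad base64 and bad JSON
        raise AuthError("malformed token")
    return header, claims, f"{parts[0]}.{parts[1]}".encode(), signature


def validate_token(token, verify_signature, issuer, audience, expected_alg, now=None):
    """Step 6 plus the standard claim checks; returns the claims on success."""
    header, claims, signing_input, signature = parse_jwt(token)
    # Pin the algorithm so a token cannot downgrade to 'none' or switch key types.
    if header.get("alg") != expected_alg:
        raise AuthError(f"unexpected alg {header.get('alg')!r}")
    if not verify_signature(header, signing_input, signature):
        raise AuthError("signature verification failed")
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise AuthError("unexpected issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise AuthError("token not issued for this API server")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise AuthError("token expired")
    if now < claims.get("nbf", 0):
        raise AuthError("token not yet valid")
    for required in ("oid", "upn"):  # needed for steps 7 and 8
        if required not in claims:
            raise AuthError(f"missing claim {required}")
    return claims


def token_review(request, verify_signature, issuer, audience, group_lookup,
                 expected_alg="RS256", now=None):
    """Steps 6-8: answer a TokenReview with the UPN as username and the
    groups resolved by object id (group_lookup stands in for the Graph query)."""
    base = {"apiVersion": "authentication.k8s.io/v1", "kind": "TokenReview"}
    try:
        claims = validate_token(request["spec"]["token"], verify_signature,
                                issuer, audience, expected_alg, now)
    except AuthError as exc:
        return {**base, "status": {"authenticated": False, "error": str(exc)}}
    oid = claims["oid"]
    user = {"username": claims["upn"], "uid": oid, "groups": group_lookup(oid)}
    return {**base, "status": {"authenticated": True, "user": user}}


# ---- constructed fixtures: HMAC stand-in for RS256 + JWKS, fake group table ----
CONSTRUCTED_SECRET = b"example-only-shared-secret"
CONSTRUCTED_GROUPS = {"0f0f0f0f-0000-4000-8000-000000000001": ["aks-admins", "platform"]}


def hs256_verify(header, signing_input, signature):
    expected = hmac.new(CONSTRUCTED_SECRET, signing_input, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)


def make_test_token(claims, alg="HS256"):
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(CONSTRUCTED_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def lookup_groups(oid):
    return CONSTRUCTED_GROUPS.get(oid, [])
```

Two points a reviewer of such a webhook looks for are visible here: the algorithm is pinned by the verifier rather than read from the token, so an `alg: none` or a key-type confusion is rejected before any signature math runs, and the group lookup is keyed on the immutable object ID from the validated claims, never on a user-supplied name.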
