Comments (12)
@weinong I think you should keep this open until ADAL is fully removed from the repo (or track in a different issue). The library was deprecated a while ago and presents a security risk.
from kubelogin.
pending on token cache feature in Azure/azure-sdk-for-go#6602
from kubelogin.
AzureAD/microsoft-authentication-library-for-go#58
Azure/azure-sdk-for-go#6602 (comment)
from kubelogin.
adapter between ADAL and AzIdentity
https://github.com/jongio/azidext/blob/master/go/azidext/azure_identity_credential_adapter.go
from kubelogin.
The device code flow is much less convenient than interactive browser, so please migrate.
Additionally, ADAL has been deprecated and will no longer receive security updates:
If you choose not to migrate to MSAL before ADAL support ends in December, 2022, you put your app's security at risk.
from kubelogin.
Hi @aelij, yes, completely agree with you. I'm ramping up a new hire on this project. Hopefully we can tackle it soon. Though, I'm curious to learn what "inconvenience" you are referring to?
from kubelogin.
The fact that you have to copy the device code, open the browser, paste it and log in, rather than having the browser simply open :)
from kubelogin.
Any update on the progress to migrate kubelogin to MSAL?
Would changing to MSAL result in the access_token being included in the _claim_sources member when a distributed claim is returned?
We can't use kubelogin with anything other than AKS due to this limitation when users have more than 200 groups.
from kubelogin.
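The distributed-claim case asked about in the comment above, as an added example that is not part of the thread or of kubelogin's code: it reports whether a token carries `groups` inline or through `_claim_names`/`_claim_sources` (OIDC Core section 5.6.2), and whether the source entry includes the optional `access_token`. `GroupsState` and `SampleJWT` are hypothetical names and the payloads are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// payload keeps only the claims inspected here (layout per OIDC Core 5.6.2).
type payload struct {
	Groups       []string          `json:"groups"`
	ClaimNames   map[string]string `json:"_claim_names"`
	ClaimSources map[string]struct {
		AccessToken string `json:"access_token"` // optional in the spec
	} `json:"_claim_sources"`
}

// GroupsState returns "inline", "distributed", "distributed-no-token" or
// "absent". The signature is NOT verified: this is an inspection aid only.
func GroupsState(jwt string) (string, error) {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT: %d segments", len(parts))
	}
	var p payload
	body := base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(parts[1]))
	if err := json.NewDecoder(body).Decode(&p); err != nil {
		return "", err
	}
	name, distributed := p.ClaimNames["groups"]
	switch {
	case len(p.Groups) > 0:
		return "inline", nil
	case !distributed:
		return "absent", nil
	case p.ClaimSources[name].AccessToken == "":
		return "distributed-no-token", nil // consumer has no token to call the endpoint with
	}
	return "distributed", nil
}

// SampleJWT wraps a constructed payload in an unsigned token for the demo.
func SampleJWT(payloadJSON string) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(payloadJSON)) + "."
}

func main() {
	fmt.Println(GroupsState(SampleJWT(`{"_claim_names":{"groups":"src1"},"_claim_sources":{"src1":{"endpoint":"https://graph.example.invalid/x"}}}`)))
}
```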
@fherbert we have some login modes implemented in msal such as interactive. Though, none of this would help you. That being said, I'd recommend configuring your AAD app and k8s to use app roles for authorization instead of using groups
from kubelogin.
closing this issue as web interactive login mode is compatible with conditional access policy
from kubelogin.