Azure AD sidecar
This feature is only available in the GCP clusters.
Experimental: this is a new feature. Use it in production, but be aware that bugs might arise.
Report any issues to the #nais channel on Slack.
A reverse proxy that provides functionality to handle Azure AD login and logout.
The sidecar will occupy and use the ports
Ensure that you do not bind to these ports from your application as they will be overridden.
```yaml
spec:
  azure:
    sidecar:
      enabled: true
      # everything below is optional, defaults shown
      autoLogin: false
      errorPath: ""
```
See the NAIS manifest for details.
See the Wonderwall appendix for usage details.
Your application should secure its own endpoints. That is, deny access to sensitive endpoints if the appropriate authentication is not supplied.
Your application should also validate the claims and signature for the Azure AD JWT access_token attached by the sidecar.
The aud (audience) claim must be equal to your application's client ID in Azure AD.
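
One way to carry out the validation described above, as an added example that is not NAIS or Wonderwall code: it pins the algorithm to RS256, verifies the signature against a JWKS, and only then checks `aud`, `iss` and `exp`. The function names, the `issuer` parameter, and the sample key pair and token are assumptions constructed for illustration; fetching and caching the real JWKS is left out.

```javascript
const crypto = require('node:crypto');

const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
const encode = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// jwks: Azure AD signing keys, already fetched and cached ({ keys: [...] }).
// clientId: your application's client ID in Azure AD.
// issuer: expected `iss` value (assumption: supplied through configuration).
function validateAccessToken(token, jwks, clientId, issuer, now = Date.now() / 1000) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [rawHeader, rawPayload, rawSig] = parts;
  const header = decode(rawHeader);

  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const jwk = jwks.keys.find((k) => k.kty === 'RSA' && k.kid === header.kid);
  if (!jwk) throw new Error('unknown signing key');

  // Check the signature before trusting any claim in the payload.
  const key = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const signed = Buffer.from(`${rawHeader}.${rawPayload}`);
  if (!crypto.verify('sha256', signed, key, Buffer.from(rawSig, 'base64url'))) {
    throw new Error('bad signature');
  }

  const claims = decode(rawPayload);
  if (claims.aud !== clientId) throw new Error('aud does not match client ID');
  if (claims.iss !== issuer) throw new Error('unexpected issuer');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

// Constructed sample: a throwaway RSA key pair standing in for Azure AD's signing key.
function makeSample(claims, header = { alg: 'RS256', kid: 'sample-kid' }) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const signingInput = `${encode(header)}.${encode(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), privateKey).toString('base64url');
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'sample-kid' }] };
  return { token: `${signingInput}.${sig}`, jwks };
}

// Constructed values: client ID, issuer URL and a far-future expiry.
const demo = makeSample({ aud: 'my-client-id', iss: 'https://issuer.example', exp: 4102444800 });
console.log(validateAccessToken(demo.token, demo.jwks, 'my-client-id', 'https://issuer.example').aud);
```

A token issued for a different application in the same tenant carries a valid signature, so the `aud` comparison is what keeps it from being accepted here.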