OIDC via Zitadel in CF Zero Trust
Selfhosted Zitadel 4.7
Hi,
I have been trying to set up OIDC authentication via Zitadel in Cloudflare Zero Trust by following this (outdated?) guide, but I am unable to make it work: I keep getting the error visible in the attached image (1.png).
https://zitadel.com/docs/guides/integrate/services/cloudflare-oidc
I have set up multiple services with authentication via Zitadel, but I cannot figure this one out. Also, I can see that others are experiencing the same issue (here with Authentik):
https://github.com/goauthentik/authentik/issues/12228
https://community.cloudflare.com/t/oidc-sso-failed-to-verify-oidc-token-with-fresh-keys/720407/9
Any idea how to solve this in Zitadel? Is it a CF issue? Config in attached images.



2 Replies
Hi @sebastka, I'm an AI assistant for ZITADEL. While a team member reviews this question, I'll see if I can find relevant sources for your question.
Answer
I wasn't able to find a direct answer; here are some relevant sources:
1. Configure ZITADEL as an OIDC Identity Provider on Cloudflare Zero Trust: This guide covers the basic setup steps including creating the ZITADEL application with Code authentication method, configuring redirect URIs, and enabling "User Info inside ID Token" on application settings (1).
2. Configure Zitadel with Cloudflare: If you're self-hosting, this covers required Cloudflare settings including HTTP/2, gRPC enablement, and TLS configuration (2).
To learn more, see the sources I considered:
[1] Configure ZITADEL as an OIDC Identity Provider on Cloudflare Zero Trust
[2] Configure Zitadel with Cloudflare
Feel free to tag @Ask Inkeep with additional questions.
Got it. Tagging @Rajat for additional help.
Hey @sebastka, thanks for your question. I will take a look and will get back to you.