Hello, I have a question about authentication that I need your help with. My software version is 8.5.
Error:
[o.e.x.s.a.RealmsAuthenticator] [node-1] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by org.elasticsearch.ElasticsearchSecurityException: Failed to parse or validate the ID Token)
ES config:
xpack.security.authc.realms.oidc.oidc1:
  order: 2
  rp.client_id: "apm"
  rp.response_type: code
  rp.redirect_uri: "http://kibana:5601/api/security/oidc/callback"
  op.issuer: "jwt"
  op.authorization_endpoint: "http://oidc:8085/defensor/oidc/test/"
  op.token_endpoint: "http://oidc:8085/defensor/oidc/testtoken/"
  op.jwkset_path: oidc/jwkset.json
  op.userinfo_endpoint: "http://oidc:8085/defensor/oidc/testtoken/"
  op.endsession_endpoint: "http://oidc:8085/defensor/oidc/testtoken/"
  rp.post_logout_redirect_uri: "http://kibana:5601/security/logged_out"
  claims.principal: sub
jwkset.json:
{
  "keys": [
    {
      "kty": "oct",
      "k": "3ed11c4bd4b392fca507213f43b20a8857b03faec90293972dbc037d2cc1d98c",
      "alg": "HS256"
    }
  ]
}
oidc token server:
from rest_framework.views import APIView
from rest_framework.request import Request
from rest_framework.response import Response


class ApmTokenView(APIView):
    # One view backs the token endpoint and the userinfo endpoint configured above.
    def get(self, request: Request, *args, **kwargs):
        print(request.query_params)
        return Response()

    def post(self, request: Request, *args, **kwargs):
        def get_access_token():
            import secrets
            # Opaque random access token; it is only presented back to the userinfo endpoint.
            return secrets.token_hex(32)

        def get_id_token():
            import jwt
            import time
            current_timestamp = int(time.time())
            payload = {
                "sub": "my_user",
                "iat": current_timestamp,
                "exp": current_timestamp + 3600,
                "roles": ["apm-role"],
                "iss": "jwt",  # must equal op.issuer in the realm config
                # The relying party rejects an ID token whose aud does not contain its
                # rp.client_id ("apm" in the config above); the original value "jwt" fails that check.
                "aud": "apm",
            }
            shared_secret = (
                "3ed11c4bd4b392fca507213f43b20a8857b03faec90293972dbc037d2cc1d98c"
            )
            return jwt.encode(payload, shared_secret, algorithm="HS256")

        token_info = {
            "access_token": get_access_token(),
            "token_type": "Bearer",
            "expires_in": 3600,
            "id_token": get_id_token(),
            "refresh_token": "your_refresh_token",
        }
        return Response(token_info)
But now I'm getting this error: Failed to parse or validate the ID Token
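As an added example that is not part of the original post, here is a standard-library-only check that mirrors what a relying party validates on the ID token (HS256 signature, iss, aud, exp), using the shared secret, op.issuer and rp.client_id from the config above; the timestamp it uses is constructed. A token minted with the posted claims fails only the audience check, because the server sets aud to "jwt" while rp.client_id is "apm".

```python
import base64, hashlib, hmac, json

# Values taken from the realm config and the posted server, not constructed.
SHARED_SECRET = "3ed11c4bd4b392fca507213f43b20a8857b03faec90293972dbc037d2cc1d98c"
ISSUER = "jwt"     # op.issuer
CLIENT_ID = "apm"  # rp.client_id

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_hs256(payload: dict, secret: str) -> str:
    """Mint a compact JWS the way the posted server does: HS256 over the shared secret."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def validate_id_token(token: str, secret: str, issuer: str, client_id: str, now: int) -> list:
    """Return the reasons a relying party would reject the token; an empty list means it passes."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["malformed token"]
    head, body, sig = parts
    problems = []
    if json.loads(b64url_decode(head)).get("alg") != "HS256":
        problems.append("unexpected alg")  # the realm only accepts its configured algorithm
    expected = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        problems.append("bad signature")
    claims = json.loads(b64url_decode(body))
    if claims.get("iss") != issuer:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud does not contain client_id")
    if int(claims.get("exp", 0)) <= now:
        problems.append("expired")
    return problems

def check_posted_claims(now: int = 1_700_000_000) -> tuple:
    """Validate the claims the posted server mints, then the same claims with aud set to rp.client_id."""
    posted = {"sub": "my_user", "iat": now, "exp": now + 3600, "roles": ["apm-role"], "iss": ISSUER, "aud": "jwt"}
    fixed = dict(posted, aud=CLIENT_ID)
    args = (SHARED_SECRET, ISSUER, CLIENT_ID, now)
    return (validate_id_token(mint_hs256(posted, SHARED_SECRET), *args),
            validate_id_token(mint_hs256(fixed, SHARED_SECRET), *args))
```

Two caveats from the specifications rather than from this post: a JWK `k` member is a base64url-encoded octet string, not a hex string, and the realm's `rp.signature_algorithm` defaults to RS256, so HS256 tokens are rejected unless it is set explicitly.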