Authentication failed for an OpenID integration(oidc)

Hello, I have a question about authentication that I need your help with. My software version is 8.5.

Error:
[o.e.x.s.a.RealmsAuthenticator] [node-1] Authentication to realm oidc1 failed - Failed to authenticate user with OpenID Connect (Caused by org.elasticsearch.ElasticsearchSecurityException: Failed to parse or validate the ID Token)

ES config:

xpack.security.authc.realms.oidc.oidc1:
  order: 2
  rp.client_id: "apm"
  rp.response_type: code
  rp.redirect_uri: "http://kibana:5601/api/security/oidc/callback"
  op.issuer: "jwt"
  op.authorization_endpoint: "http://oidc:8085/defensor/oidc/test/"
  op.token_endpoint: "http://oidc:8085/defensor/oidc/testtoken/"
  op.jwkset_path: oidc/jwkset.json
  op.userinfo_endpoint: "http://oidc:8085/defensor/oidc/testtoken/"
  op.endsession_endpoint: "http://oidc:8085/defensor/oidc/testtoken/"
  rp.post_logout_redirect_uri: "http://kibana:5601/security/logged_out"
  claims.principal: sub

jwkset.json:

{
    "keys": [
        {
            "kty": "oct",
            "k": "3ed11c4bd4b392fca507213f43b20a8857b03faec90293972dbc037d2cc1d98c",
            "alg": "HS256"
        }
    ]
}

oidc token server:

from rest_framework.request import Request
from rest_framework.response import Response
from rest_framework.views import APIView


class ApmTokenView(APIView):
    """Minimal OP stand-in: GET is the authorization endpoint, POST the token endpoint."""

    def get(self, request: Request, *args, **kwargs):
        # Authorization endpoint: only logs the incoming query parameters.
        print(request.query_params)
        return Response()

    def post(self, request: Request, *args, **kwargs):
        def get_access_token():
            import secrets

            # Opaque random access token; not a JWT.
            secret = secrets.token_hex(32)
            return secret

        def get_id_token():
            import jwt
            import time

            current_timestamp = int(time.time())
            payload = {
                "sub": "my_user",
                "iat": current_timestamp,
                "exp": current_timestamp + 3600,
                "roles": ["apm-role"],
                "iss": "jwt",  # must equal the relying party's configured issuer
                "aud": "jwt",  # audience; a relying party checks this against its client_id
            }

            # PyJWT uses the bytes of this string as the HMAC key.
            shared_secret = (
                "3ed11c4bd4b392fca507213f43b20a8857b03faec90293972dbc037d2cc1d98c"
            )
            id_token = jwt.encode(payload, shared_secret, algorithm="HS256")
            return id_token

        access_token = get_access_token()
        id_token = get_id_token()
        token_info = {
            "access_token": access_token,
            "token_type": "Bearer",
            "expires_in": 3600,
            "id_token": id_token,
            "refresh_token": "your_refresh_token",
        }
        return Response(token_info)

But now I'm getting an error -> Failed to parse or validate the ID Token
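The following is an added example, not code from the post or from Elasticsearch: it applies the ID Token checks that OpenID Connect Core requires of any relying party (signature under the configured key, iss equal to the configured issuer, aud containing the client_id, exp in the future) to a token minted the way the posted token server mints it, using only the standard library. Two things it makes visible are spec facts, not Elasticsearch internals: RFC 7518 defines the "k" member of an "oct" JWK as base64url-encoded key bytes (so a hex string placed there decodes to different bytes than the string PyJWT hashes with), and OIDC Core requires the aud claim to contain the relying party's client_id. The client_id, issuer, secret and JWK set below are copied from the post; the timestamps are constructed.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Values copied from the post (constructed test data, not live credentials).
CLIENT_ID = "apm"   # rp.client_id in the realm config
ISSUER = "jwt"      # op.issuer in the realm config
HEX_SECRET = "3ed11c4bd4b392fca507213f43b20a8857b03faec90293972dbc037d2cc1d98c"
POSTED_JWKSET = {"keys": [{"kty": "oct", "k": HEX_SECRET, "alg": "HS256"}]}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    """Mint a compact JWS with HS256, as PyJWT's jwt.encode(..., algorithm="HS256") does."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def key_from_jwkset(jwkset: dict, alg: str = "HS256") -> bytes:
    """RFC 7518 section 6.4.1: 'k' of an 'oct' JWK is the base64url-encoded key bytes."""
    for jwk in jwkset["keys"]:
        if jwk.get("kty") == "oct" and jwk.get("alg", alg) == alg:
            return b64url_decode(jwk["k"])
    raise LookupError("no usable oct key in JWK set")


def first_failure(token: str, key: bytes, issuer: str, client_id: str, now: int) -> Optional[str]:
    """Run the OIDC Core 3.1.3.7 ID Token checks; return the first failure, or None if valid."""
    parts = token.split(".")
    if len(parts) != 3:
        return "not a compact JWS"
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        return f"unexpected alg {header.get('alg')!r}"
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return "signature does not verify under the configured key"
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        return f"iss {claims.get('iss')!r} != configured issuer {issuer!r}"
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if client_id not in aud:
        return f"aud {aud!r} does not contain client_id {client_id!r}"
    if "exp" not in claims or now >= int(claims["exp"]):
        return "token expired or missing exp"
    if "iat" not in claims:
        return "missing iat"
    return None


def check_posted_setup(now: int = 1_700_000_000) -> dict:
    """Replay the post's token against the post's config and report what each check says."""
    posted_claims = {"sub": "my_user", "iat": now, "exp": now + 3600,
                     "roles": ["apm-role"], "iss": ISSUER, "aud": "jwt"}
    # PyJWT given a str secret signs with that string's bytes.
    posted_token = sign_hs256(posted_claims, HEX_SECRET.encode("ascii"))

    # A spec-conformant relying party derives its key from the JWK set.
    # A corrected setup: aud carries the client_id and the JWK 'k' is base64url of the key bytes.
    fixed_claims = dict(posted_claims, aud=CLIENT_ID)
    fixed_jwkset = {"keys": [{"kty": "oct", "k": b64url_encode(HEX_SECRET.encode("ascii")), "alg": "HS256"}]}
    fixed_token = sign_hs256(fixed_claims, HEX_SECRET.encode("ascii"))
    return {
        "jwk_k_decoded_per_rfc7518": first_failure(posted_token, key_from_jwkset(POSTED_JWKSET), ISSUER, CLIENT_ID, now),
        "raw_secret_string": first_failure(posted_token, HEX_SECRET.encode("ascii"), ISSUER, CLIENT_ID, now),
        "corrected": first_failure(fixed_token, key_from_jwkset(fixed_jwkset), ISSUER, CLIENT_ID, now),
    }


if __name__ == "__main__":
    for name, outcome in check_posted_setup().items():
        print(f"{name}: {outcome or 'valid'}")
```

Running it shows the order a validator fails in: with the key read from the posted JWK set the signature check fails first (the 64 hex characters are valid base64url and decode to 48 unrelated bytes), and even with the raw string as key the audience check still rejects aud "jwt" for a client whose id is "apm"; the corrected pair passes every check.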
