Hello, I'm trying to use my Laravel app, which uses Passport for authentication, to create an OpenID Connect Provider for single sign-on with Elastic and Kibana. But I get the following error:
{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Unauthorized"
}
In the http://localhost:5601/api/licensing/info endpoint.
And in the Elastic terminal I get:
[Failed to exchange code for Id Token]
My configs for Elastic are:
xpack.security.authc.realms.oidc.oidc2:
  order: 1
  rp.client_id: "947fe15a-8f74-473e-b794-138fd79d7c79"
  rp.response_type: code
  rp.redirect_uri: "http://localhost:5601/api/security/oidc/callback"
  op.issuer: "http://localhost:8082"
  op.authorization_endpoint: "http://localhost:8082/oauth/authorize/"
  op.token_endpoint: "http://localhost:8082/oauth/token/"
  op.jwkset_path: oidc/jwkset.json
  op.userinfo_endpoint: "http://localhost:8082/oauth/userinfo/"
  op.endsession_endpoint: "http://localhost:8082/oauth/logout/"
  rp.post_logout_redirect_uri: "http://localhost:5601/security/logged_out"
  claims.principal: sub
  claims.mail: email
  claims.name: name
And the only endpoint that I manually added in Laravel is:
Route::middleware(['auth:api', 'scope:openid', 'claim:sub,email,name'])->get('/oauth/userinfo', function (Request $request) {
    return $request->user();
});
I'm using the laravel-passport-claims package to add the required claims.
Is someone able to spot a possible cause for the error with this information?
Note: I installed Elastic and Kibana on Windows 10 and I'm using the free trial to use the OpenID features.
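
An added example, not part of the original post and not Elasticsearch's own code: a sketch of the claim checks an OpenID Connect relying party applies to the token endpoint response after the code exchange (OpenID Connect Core 3.1.3.3 and 3.1.3.7), using the op.issuer and rp.client_id values from the realm config above. The helper names, sample responses and tokens are constructed, and signature verification against the JWK set is left out.

```python
import base64
import json
import time

# Values copied from the realm configuration in the post.
ISSUER = "http://localhost:8082"
CLIENT_ID = "947fe15a-8f74-473e-b794-138fd79d7c79"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_id_token(claims: dict) -> str:
    """Build a constructed JWT with a dummy signature (sample data only)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.{_b64url(b'dummy')}"

def check_token_response(body, issuer=ISSUER, client_id=CLIENT_ID, now=None):
    """Hypothetical helper: claim checks only, the signature is NOT verified."""
    now = time.time() if now is None else now
    try:
        id_token = json.loads(body).get("id_token")
        if not isinstance(id_token, str):
            return ["no id_token in token response"]
        payload = id_token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except (ValueError, IndexError, AttributeError):
        return ["token response or id_token is malformed"]
    if not isinstance(claims, dict):
        return ["token response or id_token is malformed"]
    problems = []
    if claims.get("iss") != issuer:  # exact string match, trailing slash included
        problems.append("iss does not exactly match op.issuer")
    aud = claims.get("aud")  # a single string or a list of strings
    auds = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if client_id not in auds:
        problems.append("aud does not contain rp.client_id")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        problems.append("exp missing or in the past")
    if not claims.get("sub"):  # the realm maps claims.principal to sub
        problems.append("sub (claims.principal) missing")
    return problems

# Constructed samples: a plain OAuth2 token response, and one carrying an ID token.
OAUTH2_ONLY = json.dumps({"token_type": "Bearer", "expires_in": 3600, "access_token": "sample"})
GOOD_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "sub": "42", "exp": 2000000000}
WITH_ID_TOKEN = json.dumps({"access_token": "sample", "id_token": make_sample_id_token(GOOD_CLAIMS)})
```

Feeding the function the raw body returned by the configured op.token_endpoint shows which of these checks the response would fail.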