Hi. I’m trying to connect to ES via JWT with an access token in the header.
My config and token are below. Currently ES fails to extract the subject when subject_key points to a nested claim (see the log lines below). Unfortunately, I don’t have the ability to redesign and re-implement the token structure.
Any ideas?
esproxy-service | [2019-05-31T22:48:39,068][WARN ][c.a.d.a.h.j.HTTPJwtAuthenticator] [f9hNS8q] Failed to get subject from JWT claims, check if subject_key 'context.user.name' is correct.
esproxy-service | [2019-05-31T22:48:39,069][ERROR][c.a.d.a.h.j.HTTPJwtAuthenticator] [f9hNS8q] No subject found in JWT token
```
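# JWT authentication domain for the Elasticsearch security plugin.
# The nesting below is restored from the flattened paste: without indentation
# the two `type` keys collide at one level and `http_authenticator`, `config`
# and `authentication_backend` have no children.
jwt_auth_domain:
  enabled: true
  http_enabled: true
  transport_enabled: true
  order: 0
  http_authenticator:
    type: jwt
    # No challenge is sent; a request without a usable token is not prompted for one.
    challenge: false
    config:
      # Redacted in the post. This key is what verifies the token signature, so
      # keep the real value out of forum posts and version control.
      signing_key: "XXXXXXXXX"
      jwt_header: "Authorization"
      jwt_url_parameter: null
      # NOTE(review): the WARN line from HTTPJwtAuthenticator says no subject was
      # found under 'context.user.name', although the token payload does carry
      # context -> user -> name. That suggests the authenticator reads subject_key
      # as the name of a single top-level claim and does not walk dotted paths.
      # Confirm against the plugin version in use.
      subject_key: context.user.name
      # NOTE(review): roles_key is presumably resolved the same way, so the nested
      # policies list would not be picked up either. Verify before relying on it
      # for authorization.
      roles_key: context.user.policies
  authentication_backend:
    # noop: no backend lookup follows, so identity and roles come from the token
    # alone and signature verification is the only trust check on them.
    type: noop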
```
```
{
"context": {
"user": {
"policies": [
"data_upload",
"programs.XXXX-read-storage",
"programs.XXXX-read",
"programs.XXXX-create",
"programs.XXXX-upload",
"programs.XXXX-update",
"programs.XXXX-delete",
"programs.XXXX.proj1-read-storage",
"programs.XXXX.proj1-read",
"programs.XXXX.proj1-create",
"programs.XXXX.proj1-upload",
"programs.XXXX.proj1-update",
"programs.XXXX.proj1-delete",
"programs.XXXX.proj2-read-storage",
"programs.XXXX.proj2-read",
"programs.XXXX.proj2-create",
"programs.XXXX.proj2-upload",
"programs.XXXX.proj2-update",
"programs.XXXX.proj2-delete",
"programs.XXXX.proj3-read-storage",
"programs.XXXX.proj3-read",
"programs.XXXX.proj3-create",
"programs.XXXX.proj3-upload",
"programs.XXXX.proj3-update",
"programs.XXXX.proj3-delete"
],
"google": {
"proxy_group": null
},
"is_admin": true,
"name": "ME@XXXX.edu",
"projects": {
"XXXX-proj1": [
"read-storage",
"read",
"create",
"upload",
"update",
"delete"
],
"XXXX-proj3": [
"read-storage",
"read",
"create",
"upload",
"update",
"delete"
],
"XXXX": [
"read-storage",
"read",
"create",
"upload",
"update",
"delete"
]
}
}
},
"jti": "e49fd918-7a4e-4f02-a03b-f56f72a74d87",
"aud": [
"openid",
"user",
"credentials",
"data",
"admin",
"google_credentials",
"google_service_account"
],
"exp": 1559343582,
"azp": "",
"iss": "https://localhost/user",
"iat": 1559342382,
"pur": "access",
"sub": "2"
}
```