I have configured JWT-based backend authentication to use Keycloak users in config.yml.
The public key I have used is from Keycloak server → realmName → Realm Settings → Keys → RS256 → Public key.
config.yml
jwt_auth_domain:
  http_enabled: true
  transport_enabled: true
  order: 0
  http_authenticator:
    type: jwt
    challenge: false
    config:
      signing_key: |-
        -----BEGIN PUBLIC KEY-----
        MIIBIjANBgk...
        -----END PUBLIC KEY-----
      jwt_header: "Authorization"
      jwt_url_parameters: "jwttoken"
      roles_key: "roles"
      subject_key: "sub"
  skip_users:
    - kibanaro
    - kibanaserver
    - logstash
    - admin
    - kibanauser
  authentication_backend:
    type: noop
kibana.yml
opendistro_security.auth.type: jwt
opendistro_security.jwt.url_param: jwttoken
I have created a token with API:
/auth/realms/realmName/protocol/openid-connect/token
The created token is used for authenticating with the curl command:
curl -XGET https://localhost:9200 -H "Application-Authorization: Bearer $access-token-from-above-call" -k
But curl gives this output:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Open Distro Security"
content-type: text/plain; charset=UTF-8
content-length: 12
I have a doubt: it should use WWW-Authenticate: Bearer, but it is showing WWW-Authenticate: Basic realm="Open Distro Security".
What can be the issue with the above procedure?
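A diagnostic for the request described in this question, as an added example that is not part of the original post: it checks that the header the client sends matches the configured `jwt_header`, and that the token carries the configured `subject_key` and `roles_key` claims. The function names, the sample token and its claims are constructed for illustration, and the signature is not verified.

```python
import base64, json, time

def _b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def check_jwt_request(headers, jwt_header="Authorization", subject_key="sub",
                      roles_key="roles", expected_alg="RS256", now=None):
    """List mismatches between a request and the jwt_auth_domain settings.
    The signature is NOT verified; only what the authenticator looks for is inspected."""
    now = time.time() if now is None else now
    by_name = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = by_name.get(jwt_header.lower())
    if value is None:
        return [f"no '{jwt_header}' header in request (sent: {sorted(headers)})"]
    token = value[7:] if value.lower().startswith("bearer ") else value
    parts = token.strip().split(".")
    if len(parts) != 3:
        return [f"token has {len(parts)} segments, expected 3"]
    try:
        head, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return [f"token segments are not base64url-encoded JSON: {exc}"]
    findings = []
    if head.get("alg") != expected_alg:
        findings.append(f"alg is {head.get('alg')!r}, signing_key expects {expected_alg}")
    for key in (subject_key, roles_key):
        if key not in claims:
            findings.append(f"claim '{key}' missing (present: {sorted(claims)})")
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        findings.append(f"token expired at {exp}, now {int(now)}")
    return findings

def make_sample_token(claims, alg="RS256"):
    """Constructed, unsigned sample token for the demo (placeholder signature)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': alg, 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"

# Constructed sample data: claims without a top-level "roles" entry.
NOW = 1_700_000_000
SAMPLE = make_sample_token({"sub": "user-1", "exp": NOW + 300,
                            "realm_access": {"roles": ["kibanauser"]}})

if __name__ == "__main__":
    # Header name as in the curl call above vs. the configured jwt_header.
    print(check_jwt_request({"Application-Authorization": f"Bearer {SAMPLE}"}, now=NOW))
    print(check_jwt_request({"Authorization": f"Bearer {SAMPLE}"}, now=NOW))
```

To inspect a real token, pass the headers of the actual request and the values from the `config` section of the JWT auth domain.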