I am trying to configure JWT based authentication as per the instructions outlined here: https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/configuration/
The documentation states that the syntax for the “/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml” file to use an RSA public key is as follows:
jwt_auth_domain:
  ...
  config:
    signing_key: |-
      -----BEGIN PUBLIC KEY-----
      MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQK...
      -----END PUBLIC KEY-----
    ...
When however I try to run securityadmin.sh, I receive the following error:
ERR: Seems ../securityconfig/config.yml is not in Open Distro Security 7 format: com.fasterxml.jackson.dataformat.yaml.snakeyaml.error.MarkedYAMLException: while scanning a simple key
 in 'reader', line 132, column 1:
    -----BEGIN PUBLI
    ^
My JWT auth configuration in "/usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml" is as follows:
jwt_auth_domain:
  description: "Authenticate via Json Web Token"
  http_enabled: true
  transport_enabled: false
  order: 0
  http_authenticator:
    type: jwt
    challenge: false
    config:
      signing_key: |-
-----BEGIN PUBLIC KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END PUBLIC KEY-----
      jwt_header: "Authorization"
      jwt_url_parameter: "jwtToken"
      roles_key: null
      subject_key: null
  authentication_backend:
    type: noop
To confirm, the:
AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAA
is a redaction of my valid RSA public key for the purposes of this comment.
When I add a BASE64 encoded secret in lieu of the RSA key (example below), it takes fine but I need to use RS256.
config:
  signing_key: "secret_key"
Is there an error in my Syntax? I’ve been head scratching for hours but cannot get the config.yml file to take with an RSA key. I tried putting the key on one line with “\n” as line breaks although the error persisted. Any help/advice would be greatly appreciated!
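
An added example, not part of the original post: the error above reports the `-----BEGIN PUBLI` line at column 1, and YAML only treats lines as the content of a `|-` block scalar when they are indented deeper than the key that introduces them. The check below flags block scalars whose content is not indented under the key; the function name `check_block_scalars` and both sample fragments are constructed for illustration.

```python
import re

# A mapping key whose value is a YAML block scalar, e.g. "signing_key: |-"
BLOCK_HEADER = re.compile(r"^( *)([\w.-]+):\s*[|>][+-]?\s*$")

def check_block_scalars(text):
    """Return (line_no, key, reason) for block scalars whose content is not
    indented deeper than the key, so the parser never reads it as content."""
    problems = []
    lines = text.splitlines()
    for i, line in enumerate(lines):
        m = BLOCK_HEADER.match(line)
        if not m:
            continue
        key_indent, key = len(m.group(1)), m.group(2)
        body, stop = [], len(lines)
        for j in range(i + 1, len(lines)):
            cur = lines[j]
            indent = len(cur) - len(cur.lstrip(" "))
            if cur.strip() and indent <= key_indent:
                stop = j  # first line that falls outside the scalar
                break
            if cur.strip():
                body.append(cur.strip())
        if not body:
            problems.append((stop + 1, key, "content not indented under key"))
        elif body[0].startswith("-----BEGIN") and not body[-1].startswith("-----END"):
            problems.append((stop + 1, key, "PEM block ends before END line"))
    return problems

# Constructed samples; the key body is filler, not a real key.
BROKEN = """\
config:
  signing_key: |-
-----BEGIN PUBLIC KEY-----
AAAAAAAAAAAAAAAAAAAAAAAAAAAA
-----END PUBLIC KEY-----
  jwt_header: "Authorization"
"""
FIXED = """\
config:
  signing_key: |-
    -----BEGIN PUBLIC KEY-----
    AAAAAAAAAAAAAAAAAAAAAAAAAAAA
    -----END PUBLIC KEY-----
  jwt_header: "Authorization"
"""

if __name__ == "__main__":
    print(check_block_scalars(BROKEN), check_block_scalars(FIXED))
```

Running a check like this against config.yml before securityadmin.sh gives the offending line number directly, without relying on the parser's "simple key" message.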