OpenID Connect - debug payload

Hi!

I have a problem with getting roles from the JWT payload. I got the error in Elasticsearch logs:

c.a.d.a.h.j.AbstractHTTPJwtAuthenticator] [elasticsearch] Failed to get roles from JWT claims with roles_key 'roles'. Check if this key is correct and available in the JWT payload.

It seems that my provider doesn't include role information in the JWT, but this information is available from another endpoint, /userinfo. I would like to check this by debugging what the JWT contains. So my question is: is there any way to achieve this?
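
One way to see what the token carries, as an added example that is not part of the original thread: decode the JWT payload locally and check whether the configured `roles_key` is among the claims. The function name `inspect_jwt` is hypothetical, the sample tokens are constructed and unsigned, and no signature is verified, so this is for inspection only.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token: str, roles_key: str = "roles") -> dict:
    """Decode header and payload WITHOUT verifying the signature (debugging only)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    raw = claims.get(roles_key)
    # Assumption: roles arrive as a JSON array or a comma-separated string.
    if isinstance(raw, str):
        roles = [r.strip() for r in raw.split(",") if r.strip()]
    elif isinstance(raw, list):
        roles = [str(r) for r in raw]
    else:
        roles = []
    return {
        "alg": header.get("alg"),
        "claim_names": sorted(claims),  # shows which keys the provider really sends
        "roles_key_present": roles_key in claims,
        "roles": roles,
    }


def _make_sample(claims: dict) -> str:
    # Builds a constructed sample token; the third segment is a dummy, not a real signature.
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"


# Constructed samples: one without the roles claim (the case in the log error), one with it.
SAMPLE_NO_ROLES = _make_sample({"sub": "alice", "iss": "https://idp.example", "exp": 1700000000})
SAMPLE_WITH_ROLES = _make_sample({"sub": "alice", "roles": "admin, readall"})

if __name__ == "__main__":
    print(inspect_jwt(SAMPLE_NO_ROLES))
    print(inspect_jwt(SAMPLE_WITH_ROLES))
```

A real token is a bearer credential, so decode it on a trusted machine rather than pasting it into an online decoder.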

@plotek It would seem this should be possible using the lines below in the log4j2.properties file:

logger.opendistro_security.name = com.amazon.dlic.auth.http.jwt
logger.opendistro_security.level = trace

However I have not been able to get the actual JWT produced.

I would recommend raising a bug ticket for the dev team using below: