OpenID Setup Issue

Hi,

Got that issue currently with the 0.9.0 release when setting up the OpenID security plugin.

This issue occurs without any calls being executed to Keycloak.

Configuration

opendistro_security:
dynamic:
http:
anonymous_auth_enabled: false
xff:
enabled: false
authc:
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
openid_auth_domain:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: openid
challenge: false
config:
enable_ssl: true
verify_hostnames: false
subject_key: preferred_username
roles_key: roles
openid_connect_url: https://keycloak:8000/auth/realms/xxx/.well-known/openid-configuration
authentication_backend:
type: noop

Error Trace

elasticsearch_1 | [2019-06-06T15:48:40,956][WARN ][o.a.c.r.s.j.j.JwsCompactConsumer] [elasticsearch] Compact JWS does not have 3 parts
elasticsearch_1 | [2019-06-06T15:48:40,956][DEBUG]> [c.a.o.s.a.BackendRegistry] [elasticsearch] ‘org.apache.cxf.rs.security.jose.jws.JwsException: INVALID_COMPACT_JWS’ extracting credentials from jwt-key-by-oidc http authenticator
elasticsearch_1 | org.apache.cxf.rs.security.jose.jws.JwsException: INVALID_COMPACT_JWS
elasticsearch_1 | at org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer.(JwsCompactConsumer.java:52) ~[cxf-rt-rs-security-jose-3.2.2.jar:3.2.2]
elasticsearch_1 | at org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer.(JwsJwtCompactConsumer.java:27) ~[cxf-rt-rs-security-jose-3.2.2.jar:3.2.2]