Hi,
Got that issue currently with the 0.9.0 release when setting up the OpenID security plugin.
This issue occurs without any calls being executed to Keycloak.
Configuration
opendistro_security:
dynamic:
http:
anonymous_auth_enabled: false
xff:
enabled: false
authc:
basic_internal_auth_domain:
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
openid_auth_domain:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: openid
challenge: false
config:
enable_ssl: true
verify_hostnames: false
subject_key: preferred_username
roles_key: roles
openid_connect_url: https://keycloak:8000/auth/realms/xxx/.well-known/openid-configuration
authentication_backend:
type: noop
Error Trace
elasticsearch_1 | [2019-06-06T15:48:40,956][WARN ][o.a.c.r.s.j.j.JwsCompactConsumer] [elasticsearch] Compact JWS does not have 3 parts
elasticsearch_1 | [2019-06-06T15:48:40,956][DEBUG]> [c.a.o.s.a.BackendRegistry] [elasticsearch] ‘org.apache.cxf.rs.security.jose.jws.JwsException: INVALID_COMPACT_JWS’ extracting credentials from jwt-key-by-oidc http authenticator
elasticsearch_1 | org.apache.cxf.rs.security.jose.jws.JwsException: INVALID_COMPACT_JWS
elasticsearch_1 | at org.apache.cxf.rs.security.jose.jws.JwsCompactConsumer.(JwsCompactConsumer.java:52) ~[cxf-rt-rs-security-jose-3.2.2.jar:3.2.2]
elasticsearch_1 | at org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer.(JwsJwtCompactConsumer.java:27) ~[cxf-rt-rs-security-jose-3.2.2.jar:3.2.2]