Replies: 4 comments
-
|
please can anybody maybe just give me a hint what i can do regarding this line: oidc_proto_jwt_verify: JWT signature verification failed: [src/jose.c:1221: oidc_jwt_verify]: cjose_jws_verify failed: error:02000068:rsa routines::bad signature [file: jws.c, function: _cjose_jws_verify_sig_rs, line: 955] ? |
Beta Was this translation helpful? Give feedback.
-
|
most probably the wrong key has been configured |
Beta Was this translation helpful? Give feedback.
-
|
thank you for your info. I did not knew that. If i create / register an (enterprise) application there then everything regarding keys is preconfigured and i can see each endpoint for saml/oauth/openid discovery etc. In your apache module i just configured a client secret and its client id. Do i have to configure a client jws/jwt key on my apache server too? OpenID module works ... but not oauth Auth mechanism. Please read theses lines and i hope you or someone else has additional hints. Have a nice evening |
Beta Was this translation helpful? Give feedback.
-
|
Hi again, i was searching a lot whats went wrong and found out that i simply used a wrong client id which did not fit with the URL from where i received the (jwt) bearer token. I mark this topic as solved now. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello community,
can anybody help me using OAUTH 20 module in Apache 2.4 please?
( i know there is a successor module oauth2 but i dont know how to install it by not interfering existing rpm installations)
when i use the module openid-connect everything is fine.
when i want to login using a bearer token then i have to change the module to OAUTH20
There also: everything works fine without masses of configuration needed - except the JWT token validation.
My JWKs URI is set to https://login.microsoftonline.com/ -mytenantguid- /discovery/v2.0/keys
I see in apache log:
oidc_http_request: response={"keys":[{"kty":"RSA","use":"sig","kid":" .... }
oidc_proto_jwks_key_get: search for kid "3PaK..." or "thumbprint x5t "3PaK..."
oidc_proto_jwks_key_get: found matching kid: "3PaK..."
oidc_proto_jwks_uri_keys: returning 1 key(s) obtained from the (possibly cached) JWKs URI
and then the next line stops my OAUTH login :
oidc_proto_jwt_verify: JWT signature verification failed: [src/jose.c:1221: oidc_jwt_verify]: cjose_jws_verify failed: error:02000068:rsa routines::bad signature [file: jws.c, function: _cjose_jws_verify_sig_rs, line: 955]
i use SLES 15 SP4 apache2-mod_auth_openidc-2.3.8
then i upgraded to
SLES 15 SP6 apache2-mod_auth_openidc-2.4.16.3 (using an additional apache build service repository (https://build.opensuse.org/repositories/Apache:Modules/apache2-mod_auth_openidc)
But on both versions i have the same behaviour.
I've read that the error:02000068:rsa routines::bad signature ... has something to do with OPENSSL_ia32cap but i don't know further.
Can anybody help me verifying the JWT token?
Thank you
Andy
Beta Was this translation helpful? Give feedback.
All reactions