Hi, I’m trying to connect Datahub Frontend with oi...
# ui
a
Hi, I’m trying to connect Datahub Frontend with OIDC authentication. I followed the guide and successfully reached our OAuth login UI, but after that it just throws this error and I couldn’t log in. Anyone know why?
Caused by: java.util.concurrent.CompletionException: org.pac4j.core.exception.TechnicalException: com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
	at java.util.concurrent.CompletableFuture.encodeThrowable(CompletableFuture.java:273)
	at java.util.concurrent.CompletableFuture.completeThrowable(CompletableFuture.java:280)
	at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1606)
	at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:56)
	... 6 common frames omitted
Caused by: org.pac4j.core.exception.TechnicalException: com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
	at org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:138)
	at org.pac4j.oidc.profile.creator.OidcProfileCreator.create(OidcProfileCreator.java:40)
	at org.pac4j.core.client.BaseClient.retrieveUserProfile(BaseClient.java:113)
	at org.pac4j.core.client.BaseClient.getUserProfile(BaseClient.java:93)
	at org.pac4j.core.engine.DefaultCallbackLogic.perform(DefaultCallbackLogic.java:92)
	at react.auth.AuthModule$2.perform(AuthModule.java:84)
	at react.auth.AuthModule$2.perform(AuthModule.java:79)
	at org.pac4j.play.CallbackController.lambda$callback$0(CallbackController.java:56)
	at java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1604)
	... 7 common frames omitted
b
Hi Jensen! Who is your Identity Provider?
a
b
Do you mind sending over the .well-known URL they expose?
a
Hi @big-carpet-38439, it’s something like this: the first block is our OAuth domain, and then there’s the hash at the back. Each application we create on FusionAuth creates its own unique discovery URL.
For instance Airflow .well-known URL is different from Datahub’s rn.
b
I see. Okay. It'd be useful to see what information is returned from that URL, as it seems to be either a signature verification issue
a
It returned something like this on the url
f
My team is getting a similar error. Here are some logs from the frontend.
2021-08-11 20:21:53	
00:21:53 [application-akka.actor.default-dispatcher-371] WARN  o.p.o.profile.creator.TokenValidator - Preferred JWS algorithm: null not available. Using all metadata algorithms: [PS384, ES384, RS384, HS256, HS512, ES256, RS256, HS384, ES512, PS256, PS512, RS512]
2021-08-11 20:21:53	
00:21:53 [application-akka.actor.default-dispatcher-371] WARN  o.p.o.profile.creator.TokenValidator - Preferred JWS algorithm: null not available. Using all metadata algorithms: [PS384, ES384, RS384, HS256, HS512, ES256, RS256, HS384, ES512, PS256, PS512, RS512]
2021-08-11 20:21:53	
00:21:53 [application-akka.actor.default-dispatcher-371] ERROR react.auth.AuthModule$2 - Unable to renew the session. The session store may not support this feature
2021-08-11 20:21:53	
00:21:53 [application-akka.actor.default-dispatcher-371] ERROR react.auth.AuthModule$2 - Unable to renew the session. The session store may not support this feature
2021-08-11 20:21:53	
00:21:53 [application-akka.actor.default-dispatcher-371] ERROR akka.actor.ActorSystemImpl - Internal server error, sending 500 response
2021-08-11 20:21:53	
00:21:53 [application-akka.actor.default-dispatcher-371] ERROR akka.actor.ActorSystemImpl - Internal server error, sending 500 response
We are using keycloak.org as our OIDC identity provider.
b
Thank you!
Interesting that "null" is the algo being returned here
m
Hello, has this problem been solved? How to solve it?