Hi,
I'm trying to configure AKHQ (0.21.0), based on Micronaut v3.0.1, with Okta OAuth2. (Okta is accessible only through a corporate proxy.)
Authentication against the authentication providers is OK.
JWT generation is OK (the token is valid, I checked it manually).
But Micronaut Security fails when trying to validate the JWT.
I get a connection timeout. I'm pretty sure this error is related to my corporate proxy (it looks like the http.client proxy configuration is not used by the URL load function in JwksSignature.java, line 166).
```java
@Nullable
protected JWKSet loadJwkSet(String url) {
    if (url == null) {
        return null;
    }
    try {
        return JWKSet.load(new URL(url));
    } catch (IOException | ParseException e) {
        if (LOG.isErrorEnabled()) {
            LOG.error("Exception loading JWK from " + url + ". The JwksSignature will not be used to verify a JWT if further refresh attempts fail", e);
        }
    }
    return null;
}
```
I tried putting the proxy configuration in the JVM options (same thing).
Thank you for your help!
application.yml
```yaml
micronaut:
  http:
    client:
      proxy-type: HTTP
      proxy-address: proxy.company.net:8080
  security:
    enabled: true
    # OIDC authentication configuration
    oauth2:
      enabled: true
      clients:
        okta:
          scopes:
            - openid
            - profile
            - akhq_groups
          client-id: <****>
          client-secret: <*****>
          openid:
            issuer: https://company.okta-emea.com/oauth2/aus2wqdfqfqkr0i7
            configuration-path: /.well-known/oauth-authorization-server
            jwks-uri: https://company.okta-emea.com/oauth2/aus2wqdfqfqkr0i7/v1/keys
      callback-uri: https://pp-akhq.dns.company.net/akhq/oauth/callback/okta
  server:
    host-resolution:
      protocol-header: X-Forwarded-Proto
      host-header: Host
      port-header: X-Forwarded-Port
      client-address-header: X-Real-IP
    context-path: "/akhq"
```
AKHQ TRACE LOG
```
Starting health monitor check
2022-06-30 08:57:17,416 ERROR pGroup-1-5 .m.s.t.j.s.j.JwksSignature Exception loading JWK from https://company.okta-emea.com/oauth2/auswzoolfffeCkr0i7/v1/keys. The JwksSignature will not be used to verify a JWT if further refresh attempts fail
java.net.ConnectException: Connexion terminée par expiration du délai d'attente (Connection timed out)
    at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
    at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
    at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
    at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
    at java.base/java.net.Socket.connect(Socket.java:609)
    at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:289)
    at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
    at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
    at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
    at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
    at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
    at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
JWT validation failed
io.micronaut.security.authentication.AuthenticationException: JWT validation failed
    at io.micronaut.security.authentication.AuthenticationResponse.exception(AuthenticationResponse.java:121)
    at io.micronaut.security.oauth2.endpoint.authorization.response.DefaultOpenIdAuthorizationResponseHandler.lambda$createAuthenticationResponse$1(DefaultOpenIdAuthorizationResponseHandler.java:171)
    at reactor.core.publisher.FluxCreate.subscribe(FluxCreate.java:94)
    at reactor.core.publisher.Flux.subscribe(Flux.java:8402)
    at reactor.core.publisher.FluxSwitchMap$SwitchMapMain.onNext(FluxSwitchMap.java:236)
    at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
    at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:120)
    at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
    at reactor.core.publisher.FluxSwitchMap$SwitchMapMain.drain(FluxSwitchMap.java:355)
    at reactor.core.publisher.FluxSwitchMap$SwitchMapMain.innerNext(FluxSwitchMap.java:413)
    at reactor.core.publisher.FluxSwitchMap$SwitchMapInner.onNext(FluxSwitchMap.java:512)
    at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
    at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onNext(FluxOnErrorResume.java:79)
    at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
    at reactor.core.publisher.SerializedSubscriber.onNext(SerializedSubscriber.java:99)
    at reactor.core.publisher.FluxTimeout$TimeoutMainSubscriber.onNext(FluxTimeout.java:180)
    at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
    at reactor.core.publisher.FluxContextWrite$ContextWriteSubscriber.onNext(FluxContextWrite.java:107)
    at io.micronaut.configuration.metrics.binder.web.WebMetricsPublisher$1.onNext(WebMetricsPublisher.java:180)
```
Best Regards
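
An added diagnostic, not part of the original post and not Micronaut or AKHQ code: the stack trace above shows the JWKS fetch running through the JDK's own `sun.net.www.protocol.https` handler, which takes its proxy from the JVM-wide `ProxySelector`, so this sketch prints what that selector returns for a JWKS URL. The class name `JwksProxyCheck` and the default URL are placeholders; the proxy host and port are the ones from the `application.yml` above.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

// Added diagnostic example; class name and default URL are hypothetical.
public class JwksProxyCheck {

    // Proxies the JVM-wide selector offers for this URL. A plain
    // new URL(url).openConnection() consults the same selector.
    static List<Proxy> proxiesFor(String url) {
        return ProxySelector.getDefault().select(URI.create(url));
    }

    static String describe(Proxy p) {
        if (p.type() == Proxy.Type.DIRECT) {
            return "DIRECT (no proxy)";
        }
        InetSocketAddress addr = (InetSocketAddress) p.address();
        return p.type() + " " + addr.getHostString() + ":" + addr.getPort();
    }

    static void report(String label, String url) {
        System.out.println(label);
        for (Proxy p : proxiesFor(url)) {
            System.out.println("  " + url + " -> " + describe(p));
        }
    }

    public static void main(String[] args) {
        // Constructed placeholder; pass the real jwks-uri as the first argument.
        String jwksUri = args.length > 0 ? args[0]
                : "https://idp.example.com/oauth2/default/v1/keys";

        report("As started (whatever -D options this JVM was given):", jwksUri);

        // http.proxyHost covers http:// URLs only; it does not change the
        // selection for an https:// JWKS URL.
        System.setProperty("http.proxyHost", "proxy.company.net");
        System.setProperty("http.proxyPort", "8080");
        report("After setting http.proxyHost/http.proxyPort:", jwksUri);

        // https:// URLs are governed by https.proxyHost/https.proxyPort.
        System.setProperty("https.proxyHost", "proxy.company.net");
        System.setProperty("https.proxyPort", "8080");
        report("After setting https.proxyHost/https.proxyPort:", jwksUri);
    }
}
```

Run it with the same `-D` options as the AKHQ JVM; a host matching `http.nonProxyHosts` also resolves to DIRECT, for both `http` and `https` URLs.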