Open lotusexpeditor opened 1 year ago
After some debugging, it turns out OpenCTI expects a JWT (RS256), but Authentik was responding with an HS256 one in my past configuration.
Besides, in the OpenID configuration discovery, it was explicitly declared as HS256.
The "Unknown error" message from the OpenCTI platform is not enough; it should be improved.
I saw the same thing as above, with Authentik responding with an HS256. In my Authentik provider, I set the Signing key to the default certificate in the settings (as opposed to no key), which fixed the problem.
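The mismatch described in the two comments above can be checked without touching either product. The following is an added example, not part of the original thread and not OpenCTI or Authentik code: it reads the `alg` field of an ID token header and the standard `id_token_signing_alg_values_supported` field of the discovery document, and compares both with the expected RS256. The function names and the sample tokens are constructed for illustration.

```javascript
// Added diagnostic example; not OpenCTI or Authentik code.
// Decodes one JWT segment (base64url-encoded JSON). No signature is verified.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Compares the token header alg and the provider's advertised algorithms
// with the algorithm the relying party expects (RS256, per the thread).
function diagnoseSigningAlg(idToken, discovery, expectedAlg = 'RS256') {
  const fail = (msg) => ({ ok: false, tokenAlg: null, problems: [msg] });
  const parts = String(idToken).split('.');
  if (parts.length !== 3) return fail('not a compact JWS (expected 3 segments)');

  let header;
  try {
    header = decodeSegment(parts[0]);
  } catch (e) {
    return fail('header is not valid base64url JSON');
  }
  if (!header || typeof header !== 'object') return fail('header is not a JSON object');

  const problems = [];
  const advertised = (discovery && discovery.id_token_signing_alg_values_supported) || [];
  if (header.alg !== expectedAlg) {
    problems.push(`token header alg is ${header.alg}, relying party expects ${expectedAlg}`);
  }
  if (!advertised.includes(expectedAlg)) {
    problems.push(`discovery advertises [${advertised.join(', ')}], not ${expectedAlg}`);
  }
  return { ok: problems.length === 0, tokenAlg: header.alg, problems };
}

// Constructed sample token: real header/payload encoding, placeholder signature.
function makeToken(alg) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg, typ: 'JWT' })}.${enc({ sub: 'constructed-user' })}.c2ln`;
}

// Provider with no signing key selected (HS256) versus a signing key set (RS256).
const before = diagnoseSigningAlg(makeToken('HS256'),
  { id_token_signing_alg_values_supported: ['HS256'] });
const after = diagnoseSigningAlg(makeToken('RS256'),
  { id_token_signing_alg_values_supported: ['RS256'] });
console.log(before.problems, after.ok);
```
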
Prerequisites
Description
Cannot configure OpenID login with Authentik software.
I have traced the issue to this line. It seems like the `!user` condition is met, but I'm not sure. (https://github.com/OpenCTI-Platform/opencti/blob/e1e65d3d07034b222b5945f00b8c7b184fea607d/opencti-platform/opencti-graphql/src/http/httpPlatform.js#L243)
Environment
Reproducible Steps
Steps to create the smallest reproducible scenario:
Additional information
OAuth token content from Authentik logs
Applied OpenCTI OpenID configuration