Open routerino opened 1 year ago
Describe the issue
Attempting OIDC integration with Fusion Auth. Previously successful setting up with Keycloak. Getting the following error:
{"level":"warn","ts":1679792857.4263055,"logger":"security","msg":"Authentication failed","session_id":"k7BE2j8WU85wfLSuH8C85WbxrxNFjTDtqvt2FxPoAi2","request_id":"d6c479e7-1776-4540-904f-35ee764c69c4","error":"failed validating OAuth 2.0 access token: OAuth 2.0 failed to parse id_token: OAuth 2.0 id_token signed with unsupported algorithm: HS256"}
Configuration
{
    # do not attempt to install certs on the docker container
    skip_install_trust
    # security settings
    order authenticate before respond
    order authorize before basicauth
    security {
        oauth identity provider <mydomain> {
            delay_start 5
            driver generic
            realm <mydomain>
            client_id 3e6c5bd0-e0fa-431d-b588-c06c10062578
            client_secret <redacted>
            scopes openid email profile
            metadata_url https://login.<mydomain>/.well-known/openid-configuration/a17c408d-98d6-2805-711d-03f6fcd191cd
        }
        authentication portal defaultAuth {
            crypto default token lifetime 3600
            crypto key sign-verify <redacted>
            enable identity provider <mydomain>
            cookie domain *.<mydomain>.com.au
            ui {
                links {
                    "dev.<mydomain>.com.au" https://dev.<mydomain>.com.au/?folder=/mnt/containers icon "las la-star"
                    "dev-hs-ui.<mydomain>.com.au" https://dev-hs-ui.<mydomain>.com.au/ icon "las la-star"
                    "My Identity" "/whoami" icon "las la-user"
                }
            }
            transform user {
                match origin <mydomain>
                action add role authp/user
            }
        }
        authorization policy defaultPolicy {
            set auth url https://sso.<mydomain>.com.au
            allow roles authp/user
            crypto key verify <redacted>
        }
    }
}
Version Information
Provide output of caddy list-modules -versions | grep git below:
caddy list-modules -versions | grep git
dns.providers.cloudflare
http.authentication.providers.authorizer
http.handlers.authenticator
security

  Non-standard modules: 4
Expected behavior
Successful Login
As a note, it does appear (as the error code implies) that FusionAuth defaults to HS256 for signing its tokens. By downgrading to RSA256 the problem is solved, but I'm going to leave this open as a compatibility problem.
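For readers debugging the same log line, the following is an added example (not caddy-security's or the authp libraries' own code) of the gate that produces "id_token signed with unsupported algorithm": it decodes the id_token's JOSE header and rejects the token before any signature verification unless the alg is on an asymmetric allowlist. The allowlist, the function names and the constructed sample token are assumptions; the underlying point is that an HS256 id_token is signed with the shared client_secret, so a relying party that verifies against the provider's published JWKS cannot validate it, which is why switching the provider to RS256 resolves the error.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Assumed allowlist: asymmetric algs verifiable against the provider's JWKS.
// HMAC (HS256/384/512) needs the shared client_secret and is excluded; "none" is never acceptable.
var AllowedIDTokenAlgs = map[string]bool{
	"RS256": true, "RS384": true, "RS512": true, "ES256": true, "ES384": true,
	"ES512": true, "PS256": true, "PS384": true, "PS512": true,
}

// CheckIDTokenAlg reads "alg" from the JOSE header (plain base64url JSON, no
// signature check yet) and rejects the token unless the alg is allowlisted.
func CheckIDTokenAlg(idToken string) (string, error) {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("id_token is not a three-part compact JWS")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return "", fmt.Errorf("decode JOSE header: %w", err)
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return "", fmt.Errorf("parse JOSE header: %w", err)
	}
	if !AllowedIDTokenAlgs[hdr.Alg] {
		return hdr.Alg, fmt.Errorf("id_token signed with unsupported algorithm: %s", hdr.Alg)
	}
	return hdr.Alg, nil
}

// SampleToken builds a constructed, unsigned token (dummy signature part) with the given alg.
func SampleToken(alg string) string {
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"` + alg + `","typ":"JWT"}`))
	claims := base64.RawURLEncoding.EncodeToString([]byte(`{"sub":"user","iss":"https://login.example"}`))
	return hdr + "." + claims + ".c2ln"
}

func main() {
	for _, alg := range []string{"HS256", "RS256"} {
		seen, err := CheckIDTokenAlg(SampleToken(alg))
		fmt.Printf("%s: err=%v\n", seen, err) // HS256: err=... unsupported algorithm: HS256; RS256: err=<nil>
	}
}
```

Running the same header decode against a real id_token captured from the provider (the header carries no secrets) tells you which alg it issues before you touch the Caddyfile.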