nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

Authentication error: Unable to respond to any of these challenges: {bearer=WWW-Authenticate: Bearer realm="kong",error="JSON decoding failed"} #102

Open ayan1207 opened 5 years ago

ayan1207 commented 5 years ago

Now we are passing the access token directly in the header <<Authorization Bearer <> to the Kong proxy, and we have configured the details below in the kong-oidc plugin. Can you please help to get this resolved? We are using ADFS 3.0.

kong-OIDC Config

"config": {
    "response_type": "code",
    "introspection_endpoint": "https://xx.xxx.xx.xx/adfs/oauth2/token/",
    "filters": null,
    "bearer_only": "yes",
    "ssl_verify": "no",
    "session_secret": null,
    "introspection_endpoint_auth_method": "client_secret_post",
    "realm": "Bearer",
    "redirect_after_logout_uri": "/",
    "scope": "openid",
    "token_endpoint_auth_method": "client_secret_post",
    "logout_path": "/logout",
    "client_id": "8fb898e3-72bc-46b4-89fe-0a90a3f8fb16",
    "client_secret": "_Iejgj6Yfh7VkpxFvgGJRtrMG4R-ea1RvCCd0Bn1",
    "discovery": "https://xx.xxx.xx.xx/adfs/.well-known/openid-configuration",
    "recovery_page_path": null,
    "redirect_uri_path": "https://xx.xx.xx.xx:8117"
},

But we are getting the issues below on the client side:

Tue Feb 12 17:11:10 IST 2019:DEBUG:Receiving response: HTTP/1.1 401 Unauthorized
Tue Feb 12 17:11:10 IST 2019:DEBUG:Connection can be kept alive indefinitely
Tue Feb 12 17:11:10 IST 2019:DEBUG:Target requested authentication
Tue Feb 12 17:11:10 IST 2019:WARN:Authentication error: Unable to respond to any of these challenges: {bearer=WWW-Authenticate: Bearer realm="Bearer",error="JSON decoding failed"}

In the Kong error log we could see some errors, but we are not getting any clue from this log, as it shows some browser-based error in error.log. PFB:

2019/02/12 17:22:07 [debug] 31005#0: 58961 [lua] base_plugin.lua:26: access(): executing plugin "oidc": access
2019/02/12 17:22:07 [debug] 31005#0: 58961 [lua] openidc.lua:374: openidc_call_token_endpoint(): client_secret_post: client_id and client_secret being sent in POST body
2019/02/12 17:22:07 [debug] 31005#0: 58961 [lua] openidc.lua:392: openidc_call_token_endpoint(): request body for introspection endpoint call: clientid=8fb898e3-72bc-46b4-89fe-0a90a3f8fb16&token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IkQtVk1BV0JaZllBWXhvUmFOUEY zLVJ0RXAzVSJ9.eyJhdWQiOiJodHRwczovLzEwLjE0NC4yMC4yNDA6ODExNyIsImlzcyI6Imh0dHA6Ly9hZGZzLnBvY2FkLmNvbS9hZGZzL3NlcnZpY2VzL3RydXN0IiwiaWF0 IjoxNTQ5OTYwNzk1LCJleHAiOjE1NDk5NjQzOTUsImVtYWlsIjoidGVzdEBwb2NhZC5jb20iLCJhcHB0eXBlIjoiQ29uZmlkZW50aWFsIiwiYXBwaWQiOiI4ZmI4OThlMy03Mm JjLTQ2YjQtODlmZS0wYTkwYTNmOGZiMTYiLCJhdXRobWV0aG9kIjoidXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFjOmNsYXNzZXM6UGFzc3dvcmRQcm90ZWN0ZWRUcmFu c3BvcnQiLCJhdXRoX3RpbWUiOiIyMDE5LTAyLTEyVDA4OjM5OjU1LjM0OVoiLCJ2ZXIiOiIxLjAifQ.nMtBVnubGbHpxusQ-UKO9DKVd9vPOMMjrJZvqf4RKG778clGxy1DOt O_1SIx2aBlW56Ya5-Y2dah7eOO3pCtii4F1EEtiRdOf-XLl_TFqrLwgq9YXiAcJkjLtQHcOCUEeUqfcZxAxWWwzcrviLgCMLOesKi4JZtuOdPxO30BXJpRa68QKrtI50FqDvHM J0DPKJKdPBZbVIiS_N09bbTviM3VPfDA6HfLuRvkMygtNUWQagW2EfLxXHMd1hqt8v5Hy1rUKpVOCspHxQDfdfv2-HRSOctqCOnb75pyvJ4T9hhn8s4DvV667udxjar7TPR-yZ zvEAHQ7B8d2c8Kr0-aA&client_secret=_Iejgj6Yfh7VkpxFvgGJRtrMG4R-ea1RvCCd0Bn1
2019/02/12 17:22:07 [debug] 31005#0: 58961 [lua] openidc.lua:354: openidc_configure_proxy(): openidc_configure_proxy : don't use http proxy
2019/02/12 17:22:07 [debug] 31005#0: *58961 [lua] http.lua:633: send_request():
POST /adfs/Oauth2/token/ HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: lua-resty-http/0.12 (Lua) ngx_lua/10013
Content-Length: 1002
Host: adfs.pocad.com

2019/02/12 17:22:07 [debug] 31005#0: *58961 [lua] openidc.lua:409: openidc_call_token_endpoint(): introspection endpoint response: <!DOCTYPE html>

Error

JavaScript required

JavaScript is required. This web browser does not support JavaScript or JavaScript in this web browser is not enabled.

To find out if your web browser supports JavaScript or to enable JavaScript, see web browser help.
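
The log above shows an HTML page coming back from the introspection call while the client is told "JSON decoding failed". As an added example (not part of the original issue or of the kong-oidc project), this check classifies an introspection response against what RFC 7662 requires: a JSON object with a boolean `active` member. The function name, reason strings and sample responses are constructed for illustration.

```python
import json


def classify_introspection_response(status, content_type, body):
    """Classify a token introspection response; returns (accepted, reason)."""
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    text = body.lstrip().lower()
    # An HTML page means the URL is serving a browser-facing page, so JSON
    # decoding of the body can only fail (the combination seen in the log).
    if media_type == "text/html" or text.startswith(("<!doctype", "<html")):
        return False, "html_body"
    if status != 200:
        return False, "http_status"
    try:
        doc = json.loads(body)
    except ValueError:
        return False, "not_json"
    if not isinstance(doc, dict):
        return False, "not_object"
    # RFC 7662 requires a boolean "active" member; anything else fails closed.
    if not isinstance(doc.get("active"), bool):
        return False, "missing_active"
    return (True, "active") if doc["active"] else (False, "inactive")


# Constructed sample responses (status, Content-Type, body), not captured traffic.
SAMPLES = {
    "html_page": (200, "text/html; charset=utf-8",
                  "<!DOCTYPE html><html><body>JavaScript required</body></html>"),
    "html_mislabelled": (200, "application/json", "  <html><body>Error</body></html>"),
    "server_error": (500, "application/json", '{"error": "server_error"}'),
    "truncated": (200, "application/json", '{"active": tr'),
    "string_flag": (200, "application/json", '{"active": "true"}'),
    "revoked": (200, "application/json", '{"active": false}'),
    "valid": (200, "application/json", '{"active": true, "scope": "openid"}'),
}


def run_samples():
    return {name: classify_introspection_response(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:18} {result}")
```

Only the `valid` sample is accepted; every other shape, including a string `"true"` in place of the boolean, is rejected rather than treated as an active token.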

allenvino1 commented 5 years ago

Hi @ayan1207, I am also having the same issue. Have you resolved this?