nokia / kong-oidc

OIDC plugin for Kong
Apache License 2.0

Getting json decoding failed when passing bearer token directly to kong #107

Open ayan1207 opened 5 years ago

ayan1207 commented 5 years ago

@Trojan295 ,

We are using ADFS 3.0 as the IdP, and we are trying to pass the bearer token directly to Kong by setting `Authorization Bearer <>`. We are using the config below in the OIDC plugin to do that, but we are getting the response below:

"Wed Feb 27 17:35:46 IST 2019:WARN:Authentication error: Unable to respond to any of these challenges: {bearer=WWW-Authenticate: Bearer realm="kong",error="JSON decoding failed"}

Below is the OIDC configuration:

OIDC config:

{
  "created_at": 1551254187,
  "config": {
    "response_type": "code",
    "introspection_endpoint": "https://adfs.pocad.com/adfs/oauth2/token",
    "filters": null,
    "bearer_only": "no",
    "ssl_verify": "no",
    "session_secret": null,
    "introspection_endpoint_auth_method": null,
    "realm": "kong",
    "redirect_after_logout_uri": "/",
    "scope": "openid",
    "token_endpoint_auth_method": "client_secret_post",
    "logout_path": "/logout",
    "client_id": "8fb898e3-72bc-46b4-89fe-0a90a3f8fb16",
    "client_secret": "_Iejgj6Yfh7VkpxFvgGJRtrMG4R-ea1RvCCd0Bn1",
    "discovery": "https://adfs.pocad.com/adfs/.well-known/openid-configuration",
    "recovery_page_path": null,
    "redirect_uri_path": "https://xx.xx.xx.xx:8117"
  }
}

Access token we are passing to Kong in the header:


Using this token we are able to get the user info from ADFS by making a call through Postman, but it is not working with the Kong OIDC plugin.

User info we are getting from ADFS: `{ "sub": "Kow4qiYpOkTYJ6XPCh6FvpB1nvhUxsF2SbpPE0ynauA=" }`

We need to understand how Kong works with this user info. Does it use only `sub`, or is it expecting something more, like username, email ID, etc., and authorizing access based on that?

Would really appreciate your help and support.

Thanks!
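Added diagnostic example (not from this issue or the kong-oidc project): it imitates the introspection request the plugin is assumed to make, an RFC 7662-style form POST of the bearer token to `introspection_endpoint` whose reply must be JSON, and runs it against two constructed replies, so a non-JSON reply from a token endpoint reproduces the "JSON decoding failed" challenge while a proper introspection reply yields the claims. Endpoint URLs, client credentials and response bodies are placeholders.

```python
import json
from urllib.parse import urlencode

# Constructed sample replies, keyed by endpoint URL (not captured from ADFS).
# The token endpoint answers an introspection-style POST with a non-JSON
# error page; a real RFC 7662 introspection endpoint answers with JSON.
FAKE_RESPONSES = {
    "https://idp.example/adfs/oauth2/token":
        (400, "text/html", "<html><body>400 Bad Request</body></html>"),
    "https://idp.example/adfs/oauth2/introspect":
        (200, "application/json",
         '{"active": true, "sub": "Kow4qiYpOkTYJ6XPCh6FvpB1nvhUxsF2SbpPE0ynauA="}'),
}


def fake_post(url, form_body):
    """Stand-in for the HTTP client; returns (status, content_type, body)."""
    return FAKE_RESPONSES[url]


def introspect(token, endpoint, client_id, client_secret, post=fake_post):
    """Assumed plugin behaviour: POST the bearer token to introspection_endpoint
    as form data and decode the reply as JSON. Returns (claims, error) so the
    error string can be compared with the WWW-Authenticate challenge Kong logs."""
    form_body = urlencode({"token": token, "token_type_hint": "access_token",
                           "client_id": client_id, "client_secret": client_secret})
    status, content_type, body = post(endpoint, form_body)
    try:
        claims = json.loads(body)
    except ValueError:
        # The failure mode in the issue: the endpoint replied, but not with
        # JSON, so there is nothing to check "active" or "sub" against.
        return None, "JSON decoding failed"
    if status != 200 or not claims.get("active"):
        return None, "token is not active"
    return claims, None


def diagnose(endpoint, token="<bearer token>", client_id="<client_id>",
             client_secret="<client_secret>"):
    """One-line verdict for a candidate introspection_endpoint value."""
    claims, err = introspect(token, endpoint, client_id, client_secret)
    if err:
        return f"{endpoint}: {err}"
    return f"{endpoint}: active token for sub={claims.get('sub')}"


if __name__ == "__main__":
    for url in FAKE_RESPONSES:
        print(diagnose(url))
```

Replace `fake_post` with a real HTTP POST to check a live endpoint; the verdict for the configured URL tells you whether the plugin is being handed JSON at all before looking at which claims it needs.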