JWT token in the URL params doesn't work

Hi,

This is the continuation of the post: https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!searchin/search-guard/jwt%7Csort:date/search-guard/IpZ3AR_rLrA/WLFkGAsEAQAJ

I am not able to pass the JWT token in the URL parameters.

  1. It does work with Header:

curl -k -i http://localhost:5601/app/kibana -H "Authorization: Bearer mytoken"

  2. If I try the same thing with url_params it fails:

curl -k -i http://localhost:5601/app/kibana?Authorization=mytoken

Here is the log

[2018-07-19T23:59:12,398][DEBUG][c.f.s.c.PrivilegesEvaluator] found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2018-07-19T23:59:12,400][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from jwt http authenticator
[2018-07-19T23:59:12,400][DEBUG][c.f.d.a.h.j.HTTPJwtAuthenticator] Invalid or expired JWT token.
io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 0
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:235) ~[jjwt-0.9.0.jar:0.9.0]
at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.0.jar:0.9.0]
at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.0.jar:0.9.0]
at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator.extractCredentials0(HTTPJwtAuthenticator.java:158) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator.access$000(HTTPJwtAuthenticator.java:48) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator$1.run(HTTPJwtAuthenticator.java:123) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator$1.run(HTTPJwtAuthenticator.java:120) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
at java.security.AccessController.doPrivileged(Native Method) [?:1.8.0_171]
at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator.extractCredentials(HTTPJwtAuthenticator.java:120) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
at com.floragunn.searchguard.auth.BackendRegistry.authenticate(BackendRegistry.java:381) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]
at com.floragunn.searchguard.filter.SearchGuardRestFilter.checkAndAuthenticateRequest(SearchGuardRestFilter.java:125) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]
at com.floragunn.searchguard.filter.SearchGuardRestFilter.access$000(SearchGuardRestFilter.java:48) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]
at com.floragunn.searchguard.filter.SearchGuardRestFilter$1.handleRequest(SearchGuardRestFilter.java:75) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]

Any help is appreciated!

Thanks,

Brenda