Hi,
I'm trying to configure AKHQ (0.21.0) with Okta OAuth2 (Okta is accessible only through a corporate proxy).
AKHQ is served with Apache.
Authenticating against authentication providers is OK.
JWT generation is OK (the token is valid, I checked it manually).
But Micronaut Security fails when trying to validate the JWT.
I get a connection timeout. I'm pretty sure this error is related to my corporate proxy (it looks like the http.client proxy configuration does not work properly with this line):
https://github.com/micronaut-projects/micronaut-security/blob/963eabd8bcae21f81ed3679cb0c3215abdf65846/security-jwt/src/main/java/io/micronaut/security/token/jwt/signature/jwks/JwksSignature.java#L166
I tried to put the proxy configuration in the JVM options (same thing).
Thank you for your help!
application.yml
```yaml
micronaut:
  http:
    client:
      proxy-type: HTTP
      proxy-address: proxy.company.net:8080
  security:
    enabled: true
    # OIDC authentication configuration
    oauth2:
      enabled: true
      clients:
        okta:
          scopes:
            - openid
            - profile
            - akhq_groups
          client-id: <****>
          client-secret: <*****>
          openid:
            issuer: https://company.okta-emea.com/oauth2/aus2wqdfqfqkr0i7
            configuration-path: /.well-known/oauth-authorization-server
            jwks-uri: https://company.okta-emea.com/oauth2/aus2wqdfqfqkr0i7/v1/keys
      callback-uri: https://pp-akhq.dns.company.net/akhq/oauth/callback/okta
  server:
    host-resolution:
      protocol-header: X-Forwarded-Proto
      host-header: Host
      port-header: X-Forwarded-Port
      client-address-header: X-Real-IP
    context-path: "/akhq"
```
AKHQ TRACE LOG
Starting health monitor check
2022-06-30 08:57:17,416 ERROR pGroup-1-5 .m.s.t.j.s.j.JwksSignature Exception loading JWK from https://company.okta-emea.com/oauth2/auswzoolfffeCkr0i7/v1/keys. The JwksSignature will not be used to verify a JWT if further refresh attempts fail
java.net.ConnectException: Connexion terminée par expiration du délai d'attente (Connection timed out)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:399)
at java.base/java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:242)
at java.base/java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:224)
at java.base/java.net.SocksSocketImpl.connect(SocksSocketImpl.java:403)
at java.base/java.net.Socket.connect(Socket.java:609)
at java.base/sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:289)
at java.base/sun.net.NetworkClient.doConnect(NetworkClient.java:177)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:474)
at java.base/sun.net.www.http.HttpClient.openServer(HttpClient.java:569)
at java.base/sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:265)
at java.base/sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:372)
at java.base/sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:191)
JWT validation failed
io.micronaut.security.authentication.AuthenticationException: JWT validation failed
at io.micronaut.security.authentication.AuthenticationResponse.exception(AuthenticationResponse.java:121)
at io.micronaut.security.oauth2.endpoint.authorization.response.DefaultOpenIdAuthorizationResponseHandler.lambda$createAuthenticationResponse$1(DefaultOpenIdAuthorizationResponseHandler.java:171)
at reactor.core.publisher.FluxCreate.subscribe(FluxCreate.java:94)
at reactor.core.publisher.Flux.subscribe(Flux.java:8402)
at reactor.core.publisher.FluxSwitchMap$SwitchMapMain.onNext(FluxSwitchMap.java:236)
at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
at reactor.core.publisher.FluxMap$MapSubscriber.onNext(FluxMap.java:120)
at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
at reactor.core.publisher.FluxSwitchMap$SwitchMapMain.drain(FluxSwitchMap.java:355)
at reactor.core.publisher.FluxSwitchMap$SwitchMapMain.innerNext(FluxSwitchMap.java:413)
at reactor.core.publisher.FluxSwitchMap$SwitchMapInner.onNext(FluxSwitchMap.java:512)
at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onNext(FluxOnErrorResume.java:79)
at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
at reactor.core.publisher.SerializedSubscriber.onNext(SerializedSubscriber.java:99)
at reactor.core.publisher.FluxTimeout$TimeoutMainSubscriber.onNext(FluxTimeout.java:180)
at io.micronaut.reactive.reactor.instrument.ReactorSubscriber.onNext(ReactorSubscriber.java:57)
at reactor.core.publisher.FluxContextWrite$ContextWriteSubscriber.onNext(FluxContextWrite.java:107)
at io.micronaut.configuration.metrics.binder.web.WebMetricsPublisher$1.onNext(WebMetricsPublisher.java:180)
Best Regards
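
Added example (not part of the original post, and not AKHQ or Micronaut code): the stack trace above shows the JWKS fetch going through the JDK's own `sun.net.www.protocol.https` classes, which take their proxy from the JVM's default `ProxySelector`. This check prints the route the JVM would pick for the JWKS URL under different system properties; the class name `JwksProxyCheck` is hypothetical, and the proxy host and URL are the values from the post's `application.yml`.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

public class JwksProxyCheck {

    // Route the JDK's URLConnection stack would use: "DIRECT" or "host:port".
    static String routeFor(URI uri) {
        List<Proxy> proxies = ProxySelector.getDefault().select(uri);
        Proxy first = proxies.get(0);
        if (first.type() == Proxy.Type.DIRECT) {
            return "DIRECT";
        }
        InetSocketAddress addr = (InetSocketAddress) first.address();
        return addr.getHostString() + ":" + addr.getPort();
    }

    public static void main(String[] args) {
        // JWKS URL from the post's configuration; pass another as args[0].
        URI jwks = URI.create(args.length > 0 ? args[0]
                : "https://company.okta-emea.com/oauth2/aus2wqdfqfqkr0i7/v1/keys");

        // 1. What the -D options this JVM was started with resolve to.
        System.out.println("as started          : " + routeFor(jwks));

        // 2. Only http.* set: these keys are not consulted for an https:// URI.
        System.clearProperty("https.proxyHost");
        System.clearProperty("https.proxyPort");
        System.clearProperty("http.nonProxyHosts");
        System.setProperty("http.proxyHost", "proxy.company.net");
        System.setProperty("http.proxyPort", "8080");
        System.out.println("http.* only         : " + routeFor(jwks));

        // 3. https.* set: the https:// JWKS URL is now routed via the proxy.
        System.setProperty("https.proxyHost", "proxy.company.net");
        System.setProperty("https.proxyPort", "8080");
        System.out.println("https.* set         : " + routeFor(jwks));

        // 4. http.nonProxyHosts also applies to https and can bypass the proxy.
        System.setProperty("http.nonProxyHosts", "*.okta-emea.com");
        System.out.println("nonProxyHosts match : " + routeFor(jwks));
    }
}
```

Run it with the same `-D` options as the AKHQ process: if the first line prints `DIRECT`, the JVM options in use do not cover the `https://` JWKS URL.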