Getting 400 error

taltsafrir · April 17, 2024, 10:43am

Hi, we are version 2.7 and from time to time we are getting 400 error after login to okta

Mantas · April 17, 2024, 11:16am

Would you mind elaborating more, could you share your config.yml?
Are there any error messages in your OpenSearch nodes?

Thanks,
mj

taltsafrir · May 7, 2024, 8:32am

no errors in opensearch nodes @Mantas

taltsafrir · May 7, 2024, 8:35am

Extracting JWT token from eyJhbGciOiJIUzUxMiJ9.eyJuYmYiOjE3MTQ5ODA2NDAsImV4cCI6MTcxNTA2NzA0MCwic3ViIjoiZGFuaWVsLnZpbm9rdXJvdkBodW1hbnNlY3VyaXR5LmNvbSIsInNhbWxfbmlmIjoidSIsInNhbWxfc2kiOiJPTkVMT0dJTl8yZTE2MTc0Ny1kYmQxLTRjYzUtODU5MC05ZWZmMGZmMjY0ZjUiLCJyb2xlcyI6bnVsbH0.12LsK9DeP-AM2MFAIWEjWpqfjjaovkarF86PvBHjGEUQzBSlWHdJVvMc_eoPGkFKwsmUXScT-7K-z9NlXTAKPw failed

com.amazon.dlic.auth.http.jwt.keybyoidc.BadCredentialsException: The token has expired

Mantas · May 8, 2024, 2:05pm

Hi @taltsafrir,

How are you mapping your SAML user (JWT token) to internal OpenSearch roles?

Usually, you would use a roles_key (see sample below, it’s missing in your config) as a backend role mapped to an internal OpenSearch role, however, your role is null (see below).

config.dynamic.authc.saml_auth_domain.http_authenticator.config.roles_key: roles

Best,
mj

Topic		Replies	Views
Jwt error in opensearch Security	3	617	January 12, 2023
Getting 400 bad request Security troubleshoot	6	31	December 12, 2024
Receiving error after access token expires Security	3	992	September 7, 2023
Roles key warnings Security troubleshoot	3	259	December 5, 2023
500 server internal error Security troubleshoot	1	23	October 30, 2024

Getting 400 error

Related topics