I’m trying to autenticate to OpenSearch using a JWT token and i keep getting the following error:
[2022-09-05T10:24:00,610][WARN ][o.o.s.h.HTTPBasicAuthenticator] [mikeVIrtual] No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’
This is my config.yml:
authc: basic_internal_auth_domain: description: "Authenticate via HTTP Basic against internal users database" http_enabled: true transport_enabled: true order: 1 http_authenticator: type: basic challenge: true authentication_backend: type: intern jwt_auth_domain: description: "Authenticate via Json Web Token" http_enabled: true transport_enabled: true order: 0 http_authenticator: type: jwt challenge: false config: signing_key: YmlnIHNlY3JldA== jwt_header: "Authorization" jwt_url_parameter: null roles_key: roles subject_key: sub authentication_backend: type: noop
And this is my postman request:
This is how i’m generating the token (it doesn’t even matter right now because it’s not even evaluating if the token is valid or not from the above error):
{
“sub”: “admin”,
“iat”: 1662357733,
“exp”: 1667620920,
“roles”: “own_index, all_access”
}
It’s also a bit unclear if these validated registered claims from the documentation are mandatory or optional.
I also believe that the enabled flag from the documentation config example is deprecated since i’m getting an unknown argument error if i’m trying to use it in the config.yml.
Any help would be really appreciated, i’ve been reading and experimenting with the configuration for over a week without any results. Thanks!