Roles key warnings

taltsafrir · December 4, 2023, 8:34pm

hi! im getting this warnings a lot in my opensearch logs:
2023-12-04T18:40:09.703311000Z [2023-12-04T18:40:09,702][WARN ][c.a.d.a.h.j.AbstractHTTPJwtAuthenticator] [opensearch-bd-research-coordinating-1] Failed to get roles from JWT claims with roles_key ‘roles’. Check if this key is correct and available in the JWT payload.

2023-12-04T18:40:09.806994000Z [2023-12-04T18:40:09,806][WARN ][o.o.s.h.HTTPBasicAuthenticator] [opensearch-bd-research-coordinating-1] No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’

2023-12-04T18:40:09.807870000Z [2023-12-04T18:40:09,807][WARN ][c.a.d.a.h.j.AbstractHTTPJwtAuthenticator] [opensearch-bd-research-coordinating-1] Failed to get roles from JWT claims with roles_key ‘roles’. Check if this key is correct and available in the JWT payload.

my configuration is with saml:

pablo · December 4, 2023, 8:36pm

@taltsafrir What is your SAML IdP?
The error means that the security plugin can’t extract assigned roles from the incoming JWT token.

taltsafrir · December 5, 2023, 8:40am

Okta

taltsafrir · December 5, 2023, 11:54am

ok so I solved to problem with role key
but i’m still getting this error:
No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’

I see it’s an open bug

github.com/opensearch-project/security

[BUG] Lots of waring message `No 'Basic Authorization' header, send 401 and 'WWW-Authenticate Basic'` in log

opened 05:53AM - 31 Aug 23 UTC

closed 04:19PM - 19 Sep 23 UTC

Hailong-am

bug good first issue help wanted triaged

**What is the bug?** When i enable both SAML and basic auth and login with SA…ML, there have lots of basic auth warning message `[2023-08-31T13:35:04,053][WARN ][o.o.s.h.HTTPBasicAuthenticator] [bcd07463160c] No 'Basic Authorization' header, send 401 and 'WWW-Authenticate Basic'` printed in OpenSearch log file **How can one reproduce the bug?** Steps to reproduce the behavior: 1. Go to '...' 2. Click on '....' 3. Scroll down to '....' 4. See error **What is the expected behavior?** Don't print warning message or should this be debug level **What is your host/environment?** - OS: [e.g. iOS] - Version [e.g. 22] - Plugins **Do you have any screenshots?** ![image](https://github.com/opensearch-project/security/assets/113890546/2e8e6588-9f2c-41b6-b567-aaad845d6c05) enable both SAML and basic ![image](https://github.com/opensearch-project/security/assets/113890546/e3eb7410-50fc-4b7e-bc2d-ab371b89c32f) **Do you have any additional context?** Add any other context about the problem.

do we have any solution for this?

Topic		Replies	Views
OpenID Connect - debug payload General Feedback	1	574	August 12, 2021
Backend_roles in roles mapping seems to be ignored when using OpenID Security troubleshoot	9	2112	August 5, 2022
Security roles mapping question Security discuss	3	117	February 29, 2024
Tracing JWT authentication for OpenID and debugging the JWT payload do not work Security	3	207	December 7, 2023
OpenIDConnect Integration with Google fails to retrieve roles info Security	4	770	September 20, 2021

Roles key warnings

Related Topics