[slurm-users] External Authentication Integration with JWKS and RS256 Tokens

Ümit Seren uemit.seren at gmail.com
Thu Mar 23 10:42:06 UTC 2023


If you use AzureAD as your identity provider beware that their JWKS json
doesn't contain the alg parameter.
We opened an issue: https://bugs.schedmd.com/show_bug.cgi?id=16168 and it
is confirmed.
As a workaround you can use this jq query to add the alg to the jwks json
that you get from AzureAD:
curl -s https://login.microsoftonline.com/TENANT/discovery/v2.0/keys | jq
'.keys |= map(.alg="RS256")' > $TMPFILE

Hope this helps
Best
Ümit

On Thu, Mar 23, 2023 at 11:26 AM Laurence <laurence.field at cern.ch> wrote:

> Hi,
>
> I am trying to configure SLURM to use external authentication for JWT as
> described in the documentation.
>
> https://slurm.schedmd.com/jwt.html
>
> JWT Authentication worked when I tested the setup for standalone use but
> am having difficulty with tokens from our oauth provider.
>
> My first question is has anyone successfully done this? My second question
> is on the example code to verify the jwt key. Is the example up to date as
> it doesn't work for me. The final question is does anyone have any
> suggestions on the concrete error reported in the slurmctld log.
>
> *slurmctld: error: failed to verify jwt, rc=22*
> *slurmctld: error: could not find matching kid or decode failed*
>
> Thanks,
>
> Laurence
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20230323/85ee85a5/attachment.htm>


More information about the slurm-users mailing list