[slurm-users] External Authentication Integration with JWKS and RS256 Tokens
Laurence Field
laurence.field at cern.ch
Fri Mar 24 09:41:08 UTC 2023
Hi Ümit,
Thanks for your reply. We are using Keycloak and the JWKS does contain
this parameter. I will continue to debug but any suggestions would be
greatly appreciated.
Cheers,
Laurence
On 23.03.23 11:42, Ümit Seren wrote:
> If you use AzureAD as your identity provider beware that their JWKS
> json doesn't contain the alg parameter.
> We opened an issue: https://bugs.schedmd.com/show_bug.cgi?id=16168 and
> it is confirmed.
> As a workaround you can use this jq query to add the alg to the jwks
> json that you get from AzureAD:
> |curl -s https://login.microsoftonline.com/TENANT/discovery/v2.0/keys
> | jq '.keys |= map(.alg="RS256")' > $TMPFILE
> |
> Hope this helps
> Best
> Ümit
>
> On Thu, Mar 23, 2023 at 11:26 AM Laurence <laurence.field at cern.ch> wrote:
>
> Hi,
>
> I am trying to configure SLURM to use external authentication for
> JWT as described in the documentation.
>
> https://slurm.schedmd.com/jwt.html
>
> JWT Authentication worked when I tested the setup for standalone
> use but am having difficulty with tokens from our oauth provider.
>
> My first question is has anyone successfully done this? My second
> question is on the example code to verify the jwt key. Is the
> example up to date as it doesn't work for me. The final question
> is does anyone have any suggestions on the concrete error reported
> in the slurmctld log.
>
> /slurmctld: error: failed to verify jwt, rc=22//
> //slurmctld: error: could not find matching kid or decode failed/
>
> Thanks,
>
> Laurence
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.schedmd.com/pipermail/slurm-users/attachments/20230324/78c16f34/attachment.htm>
More information about the slurm-users
mailing list