[slurm-users] External Authentication Integration with JWKS and RS256 Tokens
laurence.field at cern.ch
Fri Mar 24 09:41:08 UTC 2023
Thanks for your reply. We are using Keycloak and the JWKS does contain
this parameter. I will continue to debug but any suggestions would be
On 23.03.23 11:42, Ümit Seren wrote:
> If you use AzureAD as your identity provider beware that their JWKS
> json doesn't contain the alg parameter.
> We opened an issue: https://bugs.schedmd.com/show_bug.cgi?id=16168 and
> it is confirmed.
> As a workaround you can use this jq query to add the alg to the jwks
> json that you get from AzureAD:
> |curl -s https://login.microsoftonline.com/TENANT/discovery/v2.0/keys
> | jq '.keys |= map(.alg="RS256")' > $TMPFILE
> Hope this helps
> On Thu, Mar 23, 2023 at 11:26 AM Laurence <laurence.field at cern.ch> wrote:
> I am trying to configure SLURM to use external authentication for
> JWT as described in the documentation.
> JWT Authentication worked when I tested the setup for standalone
> use but am having difficulty with tokens from our oauth provider.
> My first question is has anyone successfully done this? My second
> question is on the example code to verify the jwt key. Is the
> example up to date as it doesn't work for me. The final question
> is does anyone have any suggestions on the concrete error reported
> in the slurmctld log.
> /slurmctld: error: failed to verify jwt, rc=22//
> //slurmctld: error: could not find matching kid or decode failed/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the slurm-users