dosubot[bot] commented on issue #30920: URL: https://github.com/apache/superset/issues/30920#issuecomment-2475965304
Hey @Nandhan007! I'm here to help you with the issue you're facing. Let's work together to solve this!

I found a similar discussion regarding changing the default JWT token algorithm in Superset from HS256 to RS256, which might be relevant to your issue. You can check it out [here](https://github.com/apache/superset/discussions/30316) <sup>[[1]](https://github.com/apache/superset/discussions/30316)</sup>.

In your case, the error "**the specified alg value is not allowed**" suggests a mismatch in the JWT algorithm configuration between Superset and Keycloak. Superset's default JWT algorithm is HS256, while Keycloak uses RS256. To resolve this, you need to ensure that both systems are configured to use compatible algorithms.

Here are some steps you can take to address the issue:

1. **Configure Superset to Use RS256**: Update your Superset configuration to use RS256 for JWT tokens. You can do this by setting the `GUEST_TOKEN_JWT_ALGO` to "RS256" in your `superset_config.py`:

   ```python
   GUEST_TOKEN_JWT_ALGO = "RS256"
   ```

2. **Provide the Public Key for RS256**: Since RS256 is an asymmetric algorithm, you need to provide the public key from Keycloak to Superset for token verification. Ensure that the public key is correctly configured in Superset.

3. **Check Keycloak Configuration**: Verify that Keycloak is set up to issue tokens with the RS256 algorithm and that the public key is accessible to Superset.

4. **Review Superset Logs**: Check the Superset logs for any additional error messages that might provide more context on the issue.

5. **Ensure Consistent Token Handling**: Make sure that the tokens are being handled consistently across your application, especially when dealing with SSO and guest access.

By aligning the JWT algorithm settings and ensuring that the necessary keys are correctly configured, you should be able to resolve the algorithm mismatch issue.
-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
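As an added example (not part of the comment above, and not Superset's or Keycloak's code): a stdlib-only sketch of how a verifier pinned to HS256 rejects a token whose header declares RS256 before any signature check, which is the kind of mismatch the quoted error points to. The function names, the secret and both tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

ALLOWED = ("HS256",)  # assumption: verifier pinned to the HS256 default named in the comment

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def token_alg(token: str) -> str:
    """Read the unverified 'alg' header: for diagnosis only, never for trust."""
    return json.loads(b64url_decode(token.split(".")[0])).get("alg", "")

def make_sample(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a constructed sample token; 'alg' can be overridden to mimic a mismatch."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_hs256(token: str, secret: bytes) -> dict:
    """Reject any alg outside the allowlist first, then check the HMAC."""
    alg = token_alg(token)
    if alg not in ALLOWED:
        raise ValueError(f"alg {alg!r} not allowed; verifier accepts {list(ALLOWED)}")
    head, body, sig = token.split(".")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))

def diagnose(token: str, secret: bytes) -> str:
    """Return 'ok' or the reason the token was refused."""
    try:
        verify_hs256(token, secret)
        return "ok"
    except ValueError as exc:
        return str(exc)

SECRET = b"constructed-demo-secret"                          # constructed value
GOOD = make_sample({"sub": "guest"}, SECRET)                 # header says HS256
MISMATCH = make_sample({"sub": "guest"}, SECRET, "RS256")    # header says RS256

if __name__ == "__main__":
    for name, tok in (("GOOD", GOOD), ("MISMATCH", MISMATCH)):
        print(name, token_alg(tok), "->", diagnose(tok, SECRET))
```

Running `token_alg` on a real token from the identity provider shows which algorithm the issuer is actually using, which is the value the verifying side has to allow.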
