If you use AzureAD as your identity provider beware that their JWKS json doesn't contain the alg parameter. We opened an issue: https://bugs.schedmd.com/show_bug.cgi?id=16168 and it is confirmed. As a workaround you can use this jq query to add the alg to the jwks json that you get from AzureAD: curl -s https://login.microsoftonline.com/TENANT/discovery/v2.0/keys | jq '.keys |= map(.alg="RS256")' > $TMPFILE
Hope this helps Best Ümit On Thu, Mar 23, 2023 at 11:26 AM Laurence <laurence.fi...@cern.ch> wrote: > Hi, > > I am trying to configure SLURM to use external authentication for JWT as > described in the documentation. > > https://slurm.schedmd.com/jwt.html > > JWT Authentication worked when I tested the setup for standalone use but > am having difficulty with tokens from our oauth provider. > > My first question is has anyone successfully done this? My second question > is on the example code to verify the jwt key. Is the example up to date as > it doesn't work for me. The final question is does anyone have any > suggestions on the concrete error reported in the slurmctld log. > > *slurmctld: error: failed to verify jwt, rc=22* > *slurmctld: error: could not find matching kid or decode failed* > > Thanks, > > Laurence >
