Hi Ümit,
Thanks for your reply. We are using Keycloak and the JWKS does contain
this parameter. I will continue to debug but any suggestions would be
greatly appreciated.
Cheers,
Laurence
On 23.03.23 11:42, Ümit Seren wrote:
If you use AzureAD as your identity provider beware that their JWKS
json doesn't contain the alg parameter.
We opened an issue: https://bugs.schedmd.com/show_bug.cgi?id=16168 and
it is confirmed.
As a workaround you can use this jq query to add the alg to the jwks
json that you get from AzureAD:
|curl -s https://login.microsoftonline.com/TENANT/discovery/v2.0/keys
| jq '.keys |= map(.alg="RS256")' > $TMPFILE
|
Hope this helps
Best
Ümit
On Thu, Mar 23, 2023 at 11:26 AM Laurence <laurence.fi...@cern.ch> wrote:
Hi,
I am trying to configure SLURM to use external authentication for
JWT as described in the documentation.
https://slurm.schedmd.com/jwt.html
JWT Authentication worked when I tested the setup for standalone
use but am having difficulty with tokens from our oauth provider.
My first question is has anyone successfully done this? My second
question is on the example code to verify the jwt key. Is the
example up to date as it doesn't work for me. The final question
is does anyone have any suggestions on the concrete error reported
in the slurmctld log.
/slurmctld: error: failed to verify jwt, rc=22//
//slurmctld: error: could not find matching kid or decode failed/
Thanks,
Laurence
