From: Bernd S. <b.s...@fz...> - 2025-10-10 12:37:26
hi,

... just a thought, while the algorithm itself has been supported in JOSE for a long time, maybe there is some bug going on.

There are two keys under https://proxy.acc.myaccessid.org/OIDC/jwks: one is RSA, the other EC.

Maybe the introspection algorithm check uses the RSA key and complains about the ES algo?

Best regards,
Bernd

On 10/10/25 14:31, Krzysztof Benedyczak wrote:
> On 10.10.2025 at 14:07, Sander Apweiler wrote:
>> Dear Krzysztof,
>> dear Roman,
>>
>> We are working on integration with EOSC and configuring the token
>> introspection for this. It seems that EOSC AAI uses an algorithm which
>> is not supported by unity:
>>
>> 2025-10-07T12:16:56,494 [qtp1797879583-58] DEBUG unity.server.oauth.RemoteTokenIntrospectionService: Remote token introspection, token ...1cda2b
>> 2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthDiscoveryMetadataCache: Get fresh oauth OIDC metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
>> 2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OpenIdConnectDiscovery: Download metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
>> 2025-10-07T12:16:56,674 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthJWKSetCache: Get fresh JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
>> 2025-10-07T12:16:56,675 [qtp1797879583-58] DEBUG unity.server.oauth.KeyResource: Download JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
>> 2025-10-07T12:16:56,752 [qtp1797879583-58] ERROR unity.server.oauth.RemoteTokenIntrospectionService: Invalid sign of token ...1cda2b
>> com.nimbusds.jose.JOSEException: Unsupported JWS algorithm ES256, must be RS256, RS384, RS512, PS256, PS384 or PS512
>>
>> Is there a possibility to support ES256 as well, or does this require code
>> changes?
>
> This is strange - this algorithm should have been supported for a long time.
> Can you please provide which version of Unity you are using and which JDK?
>
> Also - is there an option to get some token for verification (can be
> expired)?
>
> Thanks,
> Krzysztof
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss

--
Dr. Bernd Schuller
Large Scale Data Science, Juelich Supercomputing Centre
https://www.fz-juelich.de/ias/jsc
Phone: +49 246161-8736
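
The key-selection question raised in this thread (a JWKS holding one RSA and one EC key, and a token signed with ES256), as an added Python example that is not part of the thread and is not Unity or Nimbus code: it picks candidate verification keys by the token's `alg` and `kid` instead of taking the first entry of the set. The JWKS, the `kid` values and the token are constructed samples, and all function names are hypothetical.

```python
import base64
import json

# JWS alg prefix -> JWK key type able to verify it (RFC 7518); others are rejected.
ALG_KTY = {"RS": "RSA", "PS": "RSA", "ES": "EC"}
ES_CURVE = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}


def b64seg(obj):
    """base64url-encode a JSON object without padding (one compact JWS segment)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def jws_header(token):
    """Decode the protected header of a compact JWS; nothing is verified here."""
    seg = token.split(".")[0]
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))


def usable(jwk, header):
    """True if this JWK is a candidate for verifying a JWS with this header."""
    alg = header.get("alg", "")
    if alg[:2] not in ALG_KTY or jwk.get("kty") != ALG_KTY[alg[:2]]:
        return False                      # e.g. an RSA key offered for ES256
    if alg in ES_CURVE and jwk.get("crv") != ES_CURVE[alg]:
        return False                      # EC key on the wrong curve
    if jwk.get("use", "sig") != "sig" or jwk.get("alg", alg) != alg:
        return False                      # key restricted to another use or alg
    return header.get("kid") in (None, jwk.get("kid"))


def select_keys(jwks, token):
    """Return the JWKs to try, in set order; an empty list means reject."""
    header = jws_header(token)
    return [k for k in jwks.get("keys", []) if usable(k, header)]


# Constructed samples: key material and signature are dummies, not real values.
SAMPLE_JWKS = {"keys": [
    {"kty": "RSA", "kid": "rsa-1", "use": "sig", "n": "dummy", "e": "AQAB"},
    {"kty": "EC", "kid": "ec-1", "use": "sig", "crv": "P-256", "x": "dummy", "y": "dummy"},
]}
SAMPLE_TOKEN = ".".join([b64seg({"alg": "ES256", "kid": "ec-1"}), b64seg({}), "c2ln"])

if __name__ == "__main__":
    print("first key in set:", SAMPLE_JWKS["keys"][0]["kty"])
    print("selected:", [k["kid"] for k in select_keys(SAMPLE_JWKS, SAMPLE_TOKEN)])
```

Checking the signature with the selected key is a separate step and is not shown here.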