From: Sander A. <sa....@fz...> - 2025-10-10 12:07:47

Dear Krzysztof,
dear Roman,

We are working on integration with EOSC and configuring the token introspection for this. It seems that EOSC AAI uses an algorithm which is not supported by unity:

2025-10-07T12:16:56,494 [qtp1797879583-58] DEBUG unity.server.oauth.RemoteTokenIntrospectionService: Remote token introspection, token ...1cda2b
2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthDiscoveryMetadataCache: Get fresh oauth OIDC metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OpenIdConnectDiscovery: Download metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
2025-10-07T12:16:56,674 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthJWKSetCache: Get fresh JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
2025-10-07T12:16:56,675 [qtp1797879583-58] DEBUG unity.server.oauth.KeyResource: Download JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
2025-10-07T12:16:56,752 [qtp1797879583-58] ERROR unity.server.oauth.RemoteTokenIntrospectionService: Invalid sign of token ...1cda2b
com.nimbusds.jose.JOSEException: Unsupported JWS algorithm ES256, must be RS256, RS384, RS512, PS256, PS384 or PS512

Is there a possibility to support ES256 as well or does this require code changes?

Best regards,
Sander

--
Large-Scale Data Science
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...

-----------------------------------------------------------------------
Forschungszentrum Jülich GmbH
52425 Jülich
Registered office: Jülich
Registered in the commercial register of the Amtsgericht Düren, No. HR B 3498
Chairman of the Supervisory Board: MinDir Stefan Müller
Management: Prof. Dr. Astrid Lambrecht (Chair), Dr. Stephanie Bauer (Deputy Chair), Prof. Dr. Ir. Pieter Jansens, Prof. Dr. Laurens Kuipers
-----------------------------------------------------------------------

From: Krzysztof B. <kb...@un...> - 2025-10-10 12:31:53

On 10.10.2025 at 14:07, Sander Apweiler wrote:
> Dear Krzysztof,
> dear Roman,
>
> We are working on integration with EOSC and configuring the token
> introspection for this. It seems that EOSC AAI uses an algorithm which
> is not supported by unity:
>
> 2025-10-07T12:16:56,494 [qtp1797879583-58] DEBUG unity.server.oauth.RemoteTokenIntrospectionService: Remote token introspection, token ...1cda2b
> 2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthDiscoveryMetadataCache: Get fresh oauth OIDC metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
> 2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OpenIdConnectDiscovery: Download metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
> 2025-10-07T12:16:56,674 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthJWKSetCache: Get fresh JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
> 2025-10-07T12:16:56,675 [qtp1797879583-58] DEBUG unity.server.oauth.KeyResource: Download JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
> 2025-10-07T12:16:56,752 [qtp1797879583-58] ERROR unity.server.oauth.RemoteTokenIntrospectionService: Invalid sign of token ...1cda2b
> com.nimbusds.jose.JOSEException: Unsupported JWS algorithm ES256, must be RS256, RS384, RS512, PS256, PS384 or PS512
>
> Is there a possibility to support ES256 as well or does this require code
> changes?

This is strange - this algorithm should have been supported for a long time. Can you please provide which version of Unity you are using and which JDK?

Also - is there an option to get some token for verification (can be expired)?

Thanks,
Krzysztof

From: Bernd S. <b.s...@fz...> - 2025-10-10 12:37:26

hi,

... just a thought, while the algorithm itself has been supported in JOSE for a long time, maybe there is some bug going on.

There are two keys under https://proxy.acc.myaccessid.org/OIDC/jwks
one is RSA, the other EC. Maybe the introspection algorithm check uses the RSA key and complains about the ES algo?

Best regards,
Bernd

On 10/10/25 14:31, Krzysztof Benedyczak wrote:
> On 10.10.2025 at 14:07, Sander Apweiler wrote:
>> Dear Krzysztof,
>> dear Roman,
>>
>> We are working on integration with EOSC and configuring the token
>> introspection for this. It seems that EOSC AAI uses an algorithm which
>> is not supported by unity:
>>
>> 2025-10-07T12:16:56,494 [qtp1797879583-58] DEBUG unity.server.oauth.RemoteTokenIntrospectionService: Remote token introspection, token ...1cda2b
>> 2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthDiscoveryMetadataCache: Get fresh oauth OIDC metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
>> 2025-10-07T12:16:56,495 [qtp1797879583-58] DEBUG unity.server.oauth.OpenIdConnectDiscovery: Download metadata from https://proxy.acc.myaccessid.org/.well-known/openid-configuration
>> 2025-10-07T12:16:56,674 [qtp1797879583-58] DEBUG unity.server.oauth.OAuthJWKSetCache: Get fresh JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
>> 2025-10-07T12:16:56,675 [qtp1797879583-58] DEBUG unity.server.oauth.KeyResource: Download JWKSet from https://proxy.acc.myaccessid.org/OIDC/jwks
>> 2025-10-07T12:16:56,752 [qtp1797879583-58] ERROR unity.server.oauth.RemoteTokenIntrospectionService: Invalid sign of token ...1cda2b
>> com.nimbusds.jose.JOSEException: Unsupported JWS algorithm ES256, must be RS256, RS384, RS512, PS256, PS384 or PS512
>>
>> Is there a possibility to support ES256 as well or does this require code
>> changes?
>
> This is strange - this algorithm should have been supported for a long time.
> Can you please provide which version of Unity you are using and which JDK?
>
> Also - is there an option to get some token for verification (can be
> expired)?
>
> Thanks,
> Krzysztof
>
> _______________________________________________
> Unity-idm-discuss mailing list
> Uni...@li...
> https://lists.sourceforge.net/lists/listinfo/unity-idm-discuss

--
Dr. Bernd Schuller
Large Scale Data Science, Juelich Supercomputing Centre
https://www.fz-juelich.de/ias/jsc
Phone: +49 246161-8736

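The key/algorithm mismatch suspected in the message above can be made concrete. This is an added example, not part of the thread and not Unity's or Nimbus's code: it selects verification keys from a mixed RSA/EC JWKS by the token header's alg and kid instead of taking the first key. The key ids, the elided key material and the dummy token are constructed.

```python
import base64
import json

# JWK "kty" required by each allowed JWS "alg" (RFC 7518); anything else is rejected.
ALG_TO_KTY = {a: "RSA" for a in ("RS256", "RS384", "RS512", "PS256", "PS384", "PS512")}
ALG_TO_KTY.update({"ES256": "EC", "ES384": "EC", "ES512": "EC"})
ES_CURVE = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jws_header(token: str) -> dict:
    """Decode the protected header of a compact JWS without verifying it."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(base64.urlsafe_b64decode(parts[0] + "=" * (-len(parts[0]) % 4)))


def candidate_keys(jwks: dict, header: dict) -> list:
    """Return the JWKs that are allowed to verify a token with this header."""
    alg = header.get("alg")
    kty = ALG_TO_KTY.get(alg)
    if kty is None:  # covers "none", HMAC algorithms and a missing alg
        raise ValueError(f"JWS algorithm {alg!r} is not allowed")
    matches = []
    for key in jwks.get("keys", []):
        if key.get("kty") != kty or key.get("use", "sig") != "sig":
            continue  # an RSA key can never verify an ES* signature
        if key.get("alg", alg) != alg:
            continue  # key is pinned to a different algorithm
        if kty == "EC" and key.get("crv") != ES_CURVE[alg]:
            continue  # curve must match the ES* variant
        if "kid" in header and key.get("kid") != header["kid"]:
            continue
        matches.append(key)
    return matches


# Constructed sample: JWKS with one RSA and one EC key (key material elided)
# and an unsigned dummy token whose header asks for ES256.
JWKS = {"keys": [
    {"kty": "RSA", "kid": "rsa-1", "use": "sig", "n": "<constructed>", "e": "AQAB"},
    {"kty": "EC", "kid": "ec-1", "use": "sig", "crv": "P-256", "x": "<constructed>", "y": "<constructed>"},
]}
TOKEN = ".".join([b64url(json.dumps({"alg": "ES256", "kid": "ec-1"}).encode()), b64url(b"{}"), "sig"])

if __name__ == "__main__":
    header = jws_header(TOKEN)
    print("first key in set:", JWKS["keys"][0]["kty"], "- cannot verify", header["alg"])
    print("selected by header:", [k["kid"] for k in candidate_keys(JWKS, header)])
```

An empty result means no published key fits the token's header, which is a different failure from an unsupported algorithm and is worth logging separately.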
From: Krzysztof B. <kb...@un...> - 2025-10-10 12:43:30

On 10.10.2025 at 14:37, Bernd Schuller wrote:
> hi,
>
> ... just a thought, while the algorithm itself has been supported in JOSE
> for a long time, maybe there is some bug going on.
>
> There are two keys under https://proxy.acc.myaccessid.org/OIDC/jwks
> one is RSA, the other EC. Maybe the introspection algorithm check uses
> the RSA key and complains about the ES algo?

Hmm, maybe... but the error message is not suggesting that. @Sander, is there a stack trace in your log?

Krzysztof

From: Sander A. <sa....@fz...> - 2025-10-14 06:59:02
Attachments:
token-introspection.log

Good morning,

please find attached the stack trace. The current Java version is:

openjdk 21.0.8 2025-07-15
OpenJDK Runtime Environment (build 21.0.8+9-Ubuntu-0ubuntu122.04.1)
OpenJDK 64-Bit Server VM (build 21.0.8+9-Ubuntu-0ubuntu122.04.1, mixed mode, sharing)

Best regards,
Sander

On Fri, 2025-10-10 at 14:43 +0200, Krzysztof Benedyczak wrote:
> On 10.10.2025 at 14:37, Bernd Schuller wrote:
> > hi,
> >
> > ... just a thought, while the algorithm itself has been supported in
> > JOSE for a long time, maybe there is some bug going on.
> >
> > There are two keys under
> > https://proxy.acc.myaccessid.org/OIDC/jwks
> > one is RSA, the other EC. Maybe the introspection algorithm check
> > uses the RSA key and complains about the ES algo?
>
> Hmm, maybe... but the error message is not suggesting that. @Sander,
> is there a stack trace in your log?
>
> Krzysztof

--
Large-Scale Data Science
Juelich Supercomputing Centre
phone: +49 2461 61 8847
fax: +49 2461 61 6656
email: sa....@fz...