I am trying to set up OAuth2/OpenID Connect with ForgeRock OpenAM integrated with Spring Security and am getting the following error:

    2019-06-17 15:01:42.576 DEBUG 62255 --- [nio-8090-exec-2] .o.s.r.w.BearerTokenAuthenticationFilter :
    Authentication request for failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException:
    An error occurred while attempting to decode the Jwt:
    Signed JWT rejected: Another algorithm expected, or no matching key(s) found
The JWK .well-known URI returns the following supported algorithms:

    "id_token_signing_alg_values_supported": [
        "PS384",
        "ES384",
        "RS384",
        "HS256",
        "HS512",
        "ES256",
        "RS256",
        "HS384",
        "ES512",
        "PS256",
        "PS512",
        "RS512"
    ]
The decoded JWT shows the following header:

    {
        "typ": "JWT",
        "zip": "NONE",
        "alg": "HS256"
    }
Is there a way I can set a specific JwtDecoder based on the value coming from the header or enforce AM to use one particular algorithm?
The issue was with the configuration in the Access Management on the token encryption. It was blank, but for some reason the JWT header showed HS256, which caused Spring to look for the HS256 private key and fail. After I changed the setting to use RS256, everything started working.
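Fixing the AM side is the real cure, but the question also asks whether the resource server can be pinned to one algorithm. The following added example (not code from the asker or answerer) shows how to do that in Spring Security 5.2 or later: the decoder is built to accept only RS256 from the JWK set, so a token whose header says HS256 is rejected up front instead of triggering a search for a matching key. The issuer and JWK set URLs are hypothetical placeholders; take the real ones from your .well-known document.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
public class ResourceServerConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical AM realm URLs; replace with the values from your .well-known document.
    private static final String ISSUER = "https://am.example.com/openam/oauth2/realms/root";
    private static final String JWK_SET_URI = ISSUER + "/connect/jwk_uri";

    @Bean
    public JwtDecoder jwtDecoder() {
        // Pin the accepted JWS algorithm to RS256. A token whose header claims HS256
        // (a symmetric algorithm) fails here immediately, rather than making the
        // decoder look for a shared secret that an asymmetric JWK set cannot provide.
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(JWK_SET_URI)
                .jwsAlgorithm(SignatureAlgorithm.RS256)
                .build();

        // Keep the default timestamp checks and additionally verify the "iss" claim,
        // so a correctly signed token from a different issuer is still refused.
        OAuth2TokenValidator<Jwt> validator = JwtValidators.createDefaultWithIssuer(ISSUER);
        decoder.setJwtValidator(validator);
        return decoder;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests(authz -> authz.anyRequest().authenticated())
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.decoder(jwtDecoder())));
    }
}
```

With this in place the log line changes from "no matching key(s) found" to an explicit algorithm mismatch, which makes a misconfigured or tampered token much easier to spot in the resource server's logs.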