An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found

Question 1

An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found

spring-security openam spring-oauth2 forgerock

Adnan Mamajiwala · Jun 17, 2019 · Viewed 18.2k times · Source

Answer

Answer

The issue was with the configuration in the Access Management on the token encryption. It was blank but for some reason the JWT header showed HS256, that caused spring to look for the HS256 private key and fail. After I changed the setting to use RS256, everything started working.

Question 2

I am trying setup OAuth2-OpenID Connect with ForgeRock OpenAM integrated with spring security and am getting the following error

2019-06-17 15:01:42.576 DEBUG 62255 --- [nio-8090-exec-2] .o.s.r.w.BearerTokenAuthenticationFilter : 
Authentication request for failed: org.springframework.security.oauth2.core.OAuth2AuthenticationException: 
An error occurred while attempting to decode the Jwt: 
Signed JWT rejected: Another algorithm expected, or no matching key(s) found

The Jwk .well-known uri returns the following supported algorithms:

"id_token_signing_alg_values_supported": [
    "PS384",
    "ES384",
    "RS384",
    "HS256",
    "HS512",
    "ES256",
    "RS256",
    "HS384",
    "ES512",
    "PS256",
    "PS512",
    "RS512"
  ]

The decoded JWT shows the following header:

{
  "typ": "JWT",
  "zip": "NONE",
  "alg": "HS256"
}

Is there a way I can set a specific JwtDecoder based on the value coming from the header or enforce AM to use one particular algorithm?

An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found

Answer

Related questions