小贝子编程

JWT 验证策略在使用 Azure API 管理更改为其他受众时突然无效



我在更改下面用于 APIM 中 JWT 验证的受众元素的值时遇到了一个奇怪的问题,参考下面的链接

https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT

1个新链接: https://new.onelogin.com/oidc/token

我只在 2 中更改了旧版本的受众元素的值。但是当我尝试保存策略时,我从 APIM 门户收到以下验证错误:

The element 'validate-jwt' has invalid child element 'openid-config'. List of possible elements expected: 'required-claims'.

请注意,2 中的旧版本不需要"必需声明"元素。

client_id=新 xxx

    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error: expired token or invalid token" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
        <audiences>
            <audience>new xxx</audience>
        </audiences>
        <issuers>
            <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
        </issuers>
       <openid-config url="https://openid-connect-eu.onelogin.com/oidc/.well-known/openid-configuration" />
    </validate-jwt>

2 旧的网址和 jwt 验证,它可以工作。

https://old.onelogin.com/oidc/token 

     client_id=old xxx
    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error: expired token or invalid token" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
        <audiences>
            <audience>old xxx</audience>
        </audiences>
        <issuers>
            <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
        </issuers>
       <openid-config url="https://openid-connect-eu.onelogin.com/oidc/.well-known/openid-configuration" />
    </validate-jwt>

知道吗?

更新:

现在,即使是有效的原始策略也存在问题,甚至没有任何更改:

The element 'validate-jwt' has invalid child element 'openid-config'. List of possible elements expected: 'required-claims'.
您需要

在xml中向上移动openid-config并将其保留在validate-jwt开始标记的正下方。请看下面:

<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
    <openid-config url="" />
    <issuer-signing-keys>
        <key>Base64 Encoded Key</key>
    </issuer-signing-keys>
    <audiences>
        <audience></audience>       
    </audiences>
    <issuers>
        <issuer></issuer>
    </issuers>  
</validate-jwt>

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium