Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Exception when following Azure AD tutorial[BUG]

See original GitHub issue

Describe the bug I get the following exeption when using the example Authenticate stateless APIs using AAD app roles

Exception or Stack Trace

com.nimbusds.jose.proc.BadJOSEException: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
 com.nimbusds.jwt.proc.DefaultJWTProcessor.<clinit>(DefaultJWTProcessor.java:99)
 com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager.getAadJwtTokenValidator(UserPrincipalManager.java:153)
 com.microsoft.azure.spring.autoconfigure.aad.UserPrincipalManager.buildUserPrincipal(UserPrincipalManager.java:126)
 com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter.verifyToken(AADAppRoleStatelessAuthenticationFilter.java:76)
 com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter.doFilterInternal(AADAppRoleStatelessAuthenticationFilter.java:56)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:92)
 org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:77)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
 org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
 org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
 org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
 org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
 org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
 org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
 org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
 org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590)
 org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
 java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
 java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630)
 org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
 java.base/java.lang.Thread.run(Thread.java:832)\r\n",
    "message": "Signed JWT rejected: Another algorithm expected, or no matching key(s) found",
    "path": "/api/products"

To Reproduce setup: POM:

<dependency>
	<groupId>com.microsoft.azure</groupId>
	<artifactId>azure-active-directory-spring-boot-starter</artifactId>
	<version>2.3.2</version>
</dependency>

azure.activedirectory.client-id=36fa87ac-27cc-43fa-ab4a-02151effb2c4
azure.activedirectory.client-secret=XXXXXXXXXXXX-
azure.activedirectory.session-stateless=true

@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
    }

}

Code Snippet Add the code snippet that causes the issue.

Expected behavior verify token and grant access to api

Setup (please complete the following information):

  • OS: windows 10
  • IDE : IntelliJ
  • 2.3.2

Additional context Add any other context about the problem here.

Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report

  • [ x] Bug Description Added
  • [ x] Repro Steps Added
  • [ x] Setup information Added

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:7 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
harry12345678910commented, Jul 13, 2020

It is working now. Thanks a lot for your support!! I have to figure out the roles functionality now.

0reactions
harry12345678910commented, Jul 14, 2020

It is working now. Thanks a lot for your support!! I have to figure out the roles functionality now.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Use the Spring Boot Starter for Azure Active Directory B2C
Learn how to configure a Spring Boot Initializr app with the Azure Active Directory B2C starter.
Read more >
Graph API in SSO is not working in Azure AD - Stack Overflow
I am trying to develop a Java web application with SSO by following this azure tutorial. I created an account in Azure and...
Read more >
Azure AD aggregation issue - processReadRequest ...
Partition: An error occurred while attempting to create task partitions for Application: Failed to Aggregate Exception occurred in ...
Read more >
Getting error while creating Azur AD sync project. - One Identity
Exception ] [HttpRequestException]: An error occurred while sending the request. [WebException]: The remote name could not be resolved: 'login.windows.net'. [ ...
Read more >
Managed Identities with Azure AD (Active Directory) Tutorial
Azure AD Managed Identities are one of the best features when it comes to authentication across multiple Azure services.
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

[BUG] BlobClient.downloadToFile hangs under concurrent usage

Next page

Cosmos Client Builder overrides direct connection config idleConnectionTimeout with gateway connection config