I would suggest du increase the log verbosity of slurmrest and see if there
is more information in the log file
On Thu, Oct 5, 2023 at 3:34 PM Laurence wrote:
> Coming back to this, it is failing again and I don't know why.
>
> *slurmctld: error: failed to verify jwt, rc=22*
> *slurmctld: error:
Coming back to this, it is failing again and I don't know why.
/slurmctld: error: failed to verify jwt, rc=22//
//slurmctld: error: could not find matching kid or decode failed/
The kids seem to match and python code I have verifies the jwt with the
jwks. Does anyone have any ideas on what the
Hi Ümit,
Thanks for the reply. Yes, it looks like this is the issue. Although
from the master branch it suggests that the claim_field can also be used
but this is not in the version we have deployed.
Cheers,
Laurence
On 24.03.23 16:51, Ümit Seren wrote:
Looks like you are missing the userna
Looks like you are missing the username field in the JWT token:
https://github.com/SchedMD/slurm/blob/slurm-22-05-8-1/src/plugins/auth/jwt/auth_jwt.c#L419
You have to make sure that your JWT token contains the SLURM username as an
attribute (https://slurm.schedmd.com/jwt.html#compatibility).
On
Hi,
After verifying the JWT and JWKS with some Python code, it magically
seems to work. At least the error has changed to /auth_p_verify:
jwt_get_grant failure. /This suggests I need to update something in the
authorization policy. Will do that now but if anyone has done this
before and can g
Hi Ümit,
Thanks for your reply. We are using Keycloak and the JWKS does contain
this parameter. I will continue to debug but any suggestions would be
greatly appreciated.
Cheers,
Laurence
On 23.03.23 11:42, Ümit Seren wrote:
If you use AzureAD as your identity provider beware that their JWK
If you use AzureAD as your identity provider beware that their JWKS json
doesn't contain the alg parameter.
We opened an issue: https://bugs.schedmd.com/show_bug.cgi?id=16168 and it
is confirmed.
As a workaround you can use this jq query to add the alg to the jwks json
that you get from AzureAD:
cu
