JWT token in the URL params doesn't work

[bre...@elementdata.com]

Hi,

This is the continuation of the post:  https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!searchin/search-guard/jwt%7Csort:date/search-guard/IpZ3AR_rLrA/WLFkGAsEAQAJ

I am not able to pass JWT token in the URL parameters.

1. It does work with Header:

curl -k -i http://localhost:5601/app/kibana -H "Authorization: Bearer mytoken"

2. If I try the same thing with url_params it fails:

curl -k -i http://localhost:5601/app/kibana?Authorization=mytoken

Here is the log

[2018-07-19T23:59:12,398][DEBUG][c.f.s.c.PrivilegesEvaluator]   found a match for 'sg_kibana_server' and cluster:monitor/nodes/info, skip other roles
[2018-07-19T23:59:12,400][DEBUG][c.f.s.a.BackendRegistry  ] Try to extract auth creds from jwt http authenticator
[2018-07-19T23:59:12,400][DEBUG][c.f.d.a.h.j.HTTPJwtAuthenticator] Invalid or expired JWT token.
io.jsonwebtoken.MalformedJwtException: JWT strings must contain exactly 2 period characters. Found: 0
 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:235) ~[jjwt-0.9.0.jar:0.9.0]
 at io.jsonwebtoken.impl.DefaultJwtParser.parse(DefaultJwtParser.java:481) ~[jjwt-0.9.0.jar:0.9.0]
 at io.jsonwebtoken.impl.DefaultJwtParser.parseClaimsJws(DefaultJwtParser.java:541) ~[jjwt-0.9.0.jar:0.9.0]
 at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator.extractCredentials0(HTTPJwtAuthenticator.java:158) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
 at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator.access$000(HTTPJwtAuthenticator.java:48) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
 at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator$1.run(HTTPJwtAuthenticator.java:123) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
 at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator$1.run(HTTPJwtAuthenticator.java:120) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
 at java.security.AccessController.doPrivileged(Native Method) [?:1.8.0_171]
 at com.floragunn.dlic.auth.http.jwt.HTTPJwtAuthenticator.extractCredentials(HTTPJwtAuthenticator.java:120) [dlic-search-guard-enterprise-modules-6.2.4-31.2.jar:6.2.4-31.2]
 at com.floragunn.searchguard.auth.BackendRegistry.authenticate(BackendRegistry.java:381) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]
 at com.floragunn.searchguard.filter.SearchGuardRestFilter.checkAndAuthenticateRequest(SearchGuardRestFilter.java:125) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]
 at com.floragunn.searchguard.filter.SearchGuardRestFilter.access$000(SearchGuardRestFilter.java:48) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]
 at com.floragunn.searchguard.filter.SearchGuardRestFilter$1.handleRequest(SearchGuardRestFilter.java:75) [search-guard-6-6.2.4-22.1.jar:6.2.4-22.1]

Any help is appreciated!

Thanks,

Brenda