I'm running into this error when trying to allow a JWT token through the ingress-gateway.
Error:
`Jwt issuer is not configured`
My Istio namespace is where the RequestAuthentication and the AuthorizationPolicy are set. My app is running in a different namespace.
Here are the rules:
```yaml
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: jwt-rule
  namespace: istio-system
spec:
  rules:
  - from:
    - source:
        requestPrincipals:
        - '*'
  selector:
    matchLabels:
      protect: authservice
---
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: jwt-rule
  namespace: istio-system
spec:
  jwtRules:
  - forwardOriginalToken: true
    issuer: https://keycloak.example.com/auth/realms/test
    jwks: '..removed..'
  - forwardOriginalToken: true
    issuer: https://app.example.com
    jwksUri: https://app.example.com/v1/.well-known/jwks.json
  selector:
    matchLabels:
      protect: authservice
```
Gateway's log:
```
TIMESTAMP "GET /v1/websoc/info?access_token=<JWTHERE>&t=1661895689934 HTTP/1.1" 401 - jwt_authn_access_denied{Jwt_issuer_is_not_configured} - "-" 0 28 2 - "IP,IP" "<USER AGENT>" "f621212e-4415-459a-a06b-7be252500dd5" "app.example.com" "-" outbound|1003||apigateway.app.svc.cluster.local -IP:8443 IP:45187 app.example.com -
```
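
A diagnostic for the `Jwt_issuer_is_not_configured` response above, added here as an example and not part of the original post: it reads the `iss` claim from a token without verifying it and compares it to the two `issuer` values in the RequestAuthentication. It assumes the gateway compares `iss` to the configured issuer as an exact string; the function names and the sample token are constructed for illustration.

```python
import base64
import json

# Issuers copied from the RequestAuthentication jwtRules in the post.
CONFIGURED_ISSUERS = [
    "https://keycloak.example.com/auth/realms/test",
    "https://app.example.com",
]


def b64url_decode(segment: str) -> bytes:
    """Decode base64url, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_issuer(token: str):
    """Return the iss claim from a JWT payload WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1])).get("iss")


def diagnose(token: str, issuers=CONFIGURED_ISSUERS) -> str:
    """Explain how the token's iss relates to the configured issuers."""
    iss = token_issuer(token)
    if iss is None:
        return "token has no iss claim"
    if iss in issuers:
        return f"exact match: {iss}"
    # Assumption: matching is exact, so flag values that differ only in
    # scheme, letter case, or a trailing slash as likely misconfiguration.
    norm = lambda s: s.rstrip("/").lower().split("://", 1)[-1]
    for cfg in issuers:
        if norm(cfg) == norm(iss):
            return f"near miss: token iss {iss!r} vs configured {cfg!r}"
    return f"no match: token iss {iss!r} is not in any jwtRule"


def make_unsigned_sample(claims: dict) -> str:
    """Build a constructed, unsigned sample token for the demo below."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    sample = make_unsigned_sample({"iss": "https://keycloak.example.com/auth/realms/test/"})
    print(diagnose(sample))
```

Run `diagnose()` on the value of the `access_token` query parameter from the failing request; a "near miss" or "no match" result points at the `issuer` field that needs to change.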