
azure - JWT validation policy suddenly invalid when changing to a different audience using Azure API Management

Repost. Author: 行者123. Updated: 2023-12-02 07:46:37

I ran into a strange problem when changing the value of the audience element for JWT validation in APIM, following the link below:

https://learn.microsoft.com/en-us/azure/api-management/api-management-access-restriction-policies#ValidateJWT

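1 New link: https://new.onelogin.com/oidc/token

I only changed the value of the audience element from the old version in 2. But when I try to save the policy, I get the following validation error from the APIM portal: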

The element 'validate-jwt' has invalid child element 'openid-config'. List of possible elements expected: 'required-claims'.

Note that the old version in 2 did not need the 'required-claims' element.

    client_id=new xxx

    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error: expired token or invalid token" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
        <audiences>
            <audience>new xxx</audience>
        </audiences>
        <issuers>
            <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
        </issuers>
        <openid-config url="https://openid-connect-eu.onelogin.com/oidc/.well-known/openid-configuration" />
    </validate-jwt>

2 The old URL and JWT validation, which works.

https://old.onelogin.com/oidc/token

    client_id=old xxx

    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Error: expired token or invalid token" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
        <audiences>
            <audience>old xxx</audience>
        </audiences>
        <issuers>
            <issuer>https://openid-connect-eu.onelogin.com/oidc</issuer>
        </issuers>
        <openid-config url="https://openid-connect-eu.onelogin.com/oidc/.well-known/openid-configuration" />
    </validate-jwt>

Any ideas?

Update:

Now, even without changing anything, even the policy that originally worked has the problem:

The element 'validate-jwt' has invalid child element 'openid-config'. List of possible elements expected: 'required-claims'.

Best answer

You need to move openid-config up in the XML and keep it directly under the validate-jwt opening tag. See below:

    <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized" require-expiration-time="true" require-scheme="Bearer" require-signed-tokens="true">
        <openid-config url="" />
        <issuer-signing-keys>
            <key>Base64 Encoded Key</key>
        </issuer-signing-keys>
        <audiences>
            <audience></audience>
        </audiences>
        <issuers>
            <issuer></issuer>
        </issuers>
    </validate-jwt>
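
The ordering rule from the answer, as an added example that is not part of the original post or of Azure's own tooling: a small Python check that flags `validate-jwt` children placed after a sibling they must precede. The element order is an assumption pieced together from the answer's snippet and the portal error message; `find_misordered`, `EXPECTED_ORDER` and the two sample constants are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Assumed child order for <validate-jwt>: taken from the answer's snippet plus
# the portal error, which expects 'required-claims' after 'issuers'.
EXPECTED_ORDER = ["openid-config", "issuer-signing-keys", "audiences",
                  "issuers", "required-claims"]

# Constructed sample: child order as in the question's failing policy.
QUESTION_POLICY = """<validate-jwt header-name="Authorization">
  <audiences><audience>new xxx</audience></audiences>
  <issuers><issuer>https://openid-connect-eu.onelogin.com/oidc</issuer></issuers>
  <openid-config url="https://openid-connect-eu.onelogin.com/oidc/.well-known/openid-configuration" />
</validate-jwt>"""

# Constructed sample: child order as in the answer's snippet.
ANSWER_POLICY = """<validate-jwt header-name="Authorization">
  <openid-config url="" />
  <issuer-signing-keys><key>Base64 Encoded Key</key></issuer-signing-keys>
  <audiences><audience></audience></audiences>
  <issuers><issuer></issuer></issuers>
</validate-jwt>"""


def find_misordered(policy_xml):
    """Return (child, earlier_sibling) pairs where child appears too late."""
    root = ET.fromstring(policy_xml)
    problems = []
    # iter() also matches the root, so a bare <validate-jwt> or a full
    # <policies> document with several validate-jwt elements both work.
    for jwt in root.iter("validate-jwt"):
        highest, highest_tag = -1, None
        for child in jwt:
            if child.tag not in EXPECTED_ORDER:
                continue  # elements this checker does not know are skipped
            rank = EXPECTED_ORDER.index(child.tag)
            if rank < highest:
                problems.append((child.tag, highest_tag))
            else:
                highest, highest_tag = rank, child.tag
    return problems


if __name__ == "__main__":
    for name, xml_text in (("question", QUESTION_POLICY), ("answer", ANSWER_POLICY)):
        for tag, after in find_misordered(xml_text):
            print(f"{name}: <{tag}> must come before <{after}>")
```

Run against the question's policy, it reports `openid-config` after `issuers`, the same position the portal error points at.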

Regarding azure - JWT validation policy suddenly invalid when changing to a different audience using Azure API Management, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/57192353/
