oidc_proto_parse_idtoken: calculated Authentication Tag hash differs from the Authentication Tag in the encrypted JWT #1015
TusharDarmora03
started this conversation in
General
Replies: 0 comments
We are using Apache version 2.4 with the mod_auth_openidc module for OIDC configuration. Below is our configuration:
```apache
OIDCRedirectURI http://:80/callback/
OIDCProviderMetadataURL https://fr.domain.com/oauth2/.well-known/openid-configuration
OIDCClientID test3
OIDCClientSecret xxxxxxxxx
OIDCCryptoPassphrase ChangeThisToAnyValueOfYourChoice
OIDCResponseType "id_token"
OIDCScope "openid profile"
OIDCSSLValidateServer Off
OIDCPassClaimsAs both
OIDCClaimDelimiter ^
OIDCResponseMode form_post
OIDCCacheShmEntrySizeMax 131072
OIDCSessionMaxDuration 28800
OIDCIDTokenEncryptedResponseAlg RSA-OAEP
OIDCIDTokenEncryptedResponseEnc A256CBC-HS512
OIDCIDTokenSignedResponseAlg HS256
OIDCClientJwksUri https://fr.domain.com/oauth2/connect/jwk_uri
<Location "/">
    AuthType openid-connect
    Require valid-user
    # Specific headers to put to the applications are a copy of the oidc claim headers
    RequestHeader set uid "%{oidc_claim_uid}e"
</Location>
```
We are using the implicit flow with id_token encryption, and we are getting the error below:
```
[auth_openidc:error] [pid 68766] [client 10.4.67.115:58247] oidc_proto_parse_idtoken: apr_jwt_parse failed for JWT with header "{"typ":"JWT","kid":"DkKMPE7hFVEn77WWhVuzaoFp4O8=","cty":"JWT","enc":"A256CBC-HS512","alg":"RSA-OAEP"}": [src/jose/apr_jwe.c:481: apr_jwe_decrypt_content_aescbc]: calculated Authentication Tag hash differs from the Authentication Tag in the encrypted JWT\n
```
Below is our id_token
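How the Authentication Tag named in the error message is computed for `A256CBC-HS512` under RFC 7518 section 5.2.2.1, as an added example that is not part of the original post and is not mod_auth_openidc's code. The function names and the sample token are constructed; the sample ciphertext is placeholder bytes, which is enough because the tag is verified before any decryption of the content.

```python
import base64, hashlib, hmac, struct

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def cbc_hs512_tag(cek: bytes, header_b64: str, iv: bytes, ciphertext: bytes) -> bytes:
    """Authentication Tag for A256CBC-HS512 (RFC 7518, 5.2.2.1 and 5.2.5)."""
    if len(cek) != 64:
        raise ValueError("A256CBC-HS512 needs a 64-byte content encryption key")
    mac_key = cek[:32]                    # first half is the HMAC key, second half the AES key
    aad = header_b64.encode("ascii")      # AAD is the protected header exactly as transmitted
    al = struct.pack(">Q", len(aad) * 8)  # AAD length in bits, 64-bit big-endian
    digest = hmac.new(mac_key, aad + iv + ciphertext + al, hashlib.sha512).digest()
    return digest[:32]                    # HMAC-SHA-512 output truncated to 32 bytes

def verify_jwe_tag(compact: str, cek: bytes) -> bool:
    """Recompute the tag over a compact JWE and compare in constant time."""
    parts = compact.split(".")
    if len(parts) != 5:
        raise ValueError("a compact JWE has exactly 5 segments")
    header_b64, _encrypted_key, iv_b64, ct_b64, tag_b64 = parts
    expected = cbc_hs512_tag(cek, header_b64, b64url_decode(iv_b64), b64url_decode(ct_b64))
    return hmac.compare_digest(expected, b64url_decode(tag_b64))

def build_sample(cek: bytes) -> str:
    """Constructed token: placeholder key/ciphertext bytes, real tag for `cek`."""
    header_b64 = b64url_encode(b'{"alg":"RSA-OAEP","enc":"A256CBC-HS512"}')
    iv, ct = bytes(range(16)), bytes(48)
    tag = cbc_hs512_tag(cek, header_b64, iv, ct)
    fields = [b"\x01" * 256, iv, ct, tag]
    return ".".join([header_b64] + [b64url_encode(f) for f in fields])

if __name__ == "__main__":
    good_cek = bytes(range(64))           # constructed key material
    token = build_sample(good_cek)
    print("correct CEK:", verify_jwe_tag(token, good_cek))
    # A CEK unwrapped with a different RSA key gives a different MAC key.
    print("different CEK:", verify_jwe_tag(token, bytes(64)))
    # Re-serialising the header changes the AAD even if the JSON is equivalent.
    respaced = b64url_encode(b'{"alg": "RSA-OAEP", "enc": "A256CBC-HS512"}')
    altered = ".".join([respaced] + token.split(".")[1:])
    print("re-encoded header:", verify_jwe_tag(altered, good_cek))
```

The tag depends only on the MAC half of the content encryption key, the encoded protected header, the IV and the ciphertext, so a difference in any of those inputs between the two parties produces the mismatch reported in the log line.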