0

I need JWT token and scope validation at the Helidon SE service where my REST APIs are exposed.

I am using the OIDC provider by following "https://helidon.io/docs/v2/#/se/security/02_providers#_oidc_provider". I get the error below when I run the application as a Maven build from Eclipse. My application starts without that error when I run it from Eclipse. I generated a JWT token using Postman and invoked the API on the Helidon web server. I get a 200 response, but I don't see the JWT token being validated before the resource is accessed. I was getting success even with a modified JWT or without an Authorization header. I have exactly followed https://helidon.io/docs/v2/#/se/security/02_providers#_oidc_provider . Please help me get the JWT token validation part working.

error io.helidon.config.MissingValueException: Requested value for configuration key 'security.providers' is not present in the configuration.

Anbu
  • It is hard to tell what is wrong with the little info shared here. I would hazard a guess that the issue is limited to the configuration file you are using in your app. Definitely, security.providers is the place to check. Have you defined it correctly? Are the providers defined under it as an array? Is the tabbing/spacing correct? There are 10 different ways to fail in properties or YAML - eliminate them all. Please share your configuration file here. – Ashwin Prabhu Jun 20 '23 at 10:25
  • Used the content from https://github.com/helidon-io/helidon/blob/main/examples/security/idcs-login/src/main/resources/application.yaml after replacing the values under the properties section with the correct ones and setting redirect to false. I am getting a 401 response for the URI "/rest/profile" with the header [ "WWW-Authenticate" : Bearer realm="helidon" ] in the response. But I was sending the JWT token as a Bearer token via the Authorization header in the request for the URI "/rest/profile", which is protected. Since the other URIs are not protected, they were executed with anonymous access. – Anbu Jun 20 '23 at 13:02

2 Answers

2

You are missing the security.providers property in your configuration; it is described in the mentioned security providers documentation.

Maybe check out our OIDC example with IDCS https://github.com/helidon-io/helidon/tree/helidon-3.x/examples/security/idcs-login

Daniel Kec
  • I have exactly followed the above link and used the content from https://github.com/helidon-io/helidon/blob/main/examples/security/idcs-login/src/main/resources/application.yaml after replacing the values under the properties section with the correct ones and setting redirect to false. I am getting a 401 response for the URI "/rest/profile" with the header [ "WWW-Authenticate" : Bearer realm="helidon" ] in the response. But I was sending the JWT token as a Bearer token via the Authorization header in the request for the URI "/rest/profile", which is protected. Since the other URIs are not protected, they were executed with anonymous access. – Anbu Jun 20 '23 at 12:41
2

It is hard to tell what is wrong with the little info shared in the question. I would hazard a guess that the issue is limited to the configuration file you are using in your application.

Definitely, security.providers would be the first place to check. Have you defined it correctly? Are the providers defined under it as an array? Is the tabbing/spacing correct? The link you shared in the comment has incorrect spacing.

It should be

providers:
  - abac:
    # Adds ABAC Provider - it does not require any configuration
  - oidc:
      client-id: "${security.properties.idcs-client-id}"

and not

providers:
- abac:
  # Adds ABAC Provider - it does not require any configuration
- oidc:

That apart, there are 'N' different ways to fail in properties or YAML - eliminate them all by semantically checking the configuration.

Ashwin Prabhu
  • I have corrected the YAML semantically and I am seeing the response with the header below. But the same token is valid when I check it via introspect. From the log I see that the token is going to my service as a bearer token. [WWW-Authenticate: Bearer realm="helidon", error="invalid_token", error_description="Token not valid"] – Anbu Jun 21 '23 at 04:31
  • If the token is verified to be valid by other external means, but the security provider is executing and failing the token, it can be because the configuration values you have supplied do not match the actual values of the provider. – Ashwin Prabhu Jun 21 '23 at 05:31
  • It works after fixing the audience property. Thank you. – Anbu Jun 21 '23 at 11:28
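
The last comments describe a token that passes introspection but is rejected by the service with `error="invalid_token"`, which was resolved by correcting the audience. The following is an added example, not part of the original thread and not Helidon's validation code: a diagnostic that decodes a token's claims without verifying the signature and lists which ones disagree with the values configured on the resource server. The sample token, issuer and audience values are constructed, and the function names are hypothetical.

```python
import base64
import json
import time


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    """Return the payload claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))


def claim_mismatches(claims: dict, expected_iss: str, expected_aud: str, now=None) -> list:
    """List reasons a resource server configured with these values would reject the token."""
    now = time.time() if now is None else now
    problems = []
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud  # RFC 7519: "aud" is a string or an array
    if expected_aud not in aud:
        problems.append(f"aud {aud!r} does not contain configured {expected_aud!r}")
    if claims.get("iss") != expected_iss:
        problems.append(f"iss {claims.get('iss')!r} != configured {expected_iss!r}")
    exp = claims.get("exp")
    if exp is not None and exp <= now:
        problems.append(f"exp {exp} is in the past")
    return problems


def _enc(obj) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


# Constructed sample token: placeholder signature, example.com values.
SAMPLE_TOKEN = ".".join([
    _enc({"alg": "RS256", "typ": "JWT"}),
    _enc({"iss": "https://idp.example.com", "aud": "https://api.example.com/",
          "exp": 2000000000, "scope": "profile"}),
    "c2lnbmF0dXJl",
])

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    # Assumed misconfiguration: the service expects the IdP URL as the audience.
    for line in claim_mismatches(claims, "https://idp.example.com", "https://idp.example.com"):
        print("MISMATCH:", line)
```

An empty result means the claims match the configuration, so the remaining suspects are the signing keys and the signature itself, which this script does not check.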