Vault & JWT authentication method

Hi everyone,

I am trying to connect a Vault server to my internal GitLab server (using a self-signed SSL certificate).

I use the JWT method.

When I run this command:

vault write auth/jwt/config \
    jwks_url="https://gitlab.example.com/-/jwks" \
    bound_issuer="gitlab.example.com"

I have the following error:

Error writing data to auth/jwt/config: Error making API request.

URL: PUT http://127.0.0.1:8200/v1/auth/jwt/config
Code: 400. Errors:

* error checking jwks URL: fetching keys oidc: get keys failed Get "https://gitlab.XXXX.XXX/-/jwks": x509: certificate signed by unknown authority

If I add the -tls-skip-verify option:

vault write -tls-skip-verify auth/jwt/config \
    jwks_url="https://gitlab.example.com/-/jwks" \
    bound_issuer="gitlab.example.com"

I have the same error.

Thanks for the help.

I have the following error:

vault write auth/jwt/config jwks_url="https://gitlab.mycompany.ru/-/jwks" bound_issuer="gitlab.mycompany.ru"
Error writing data to auth/jwt/config: Error making API request.

URL: PUT https://0.0.0.0:8200/v1/auth/jwt/config
Code: 400. Errors:

  • error checking jwks URL: fetching keys oidc: failed to decode keys: expected Content-Type = application/json, got "text/html; charset=utf-8": invalid character '<' looking for beginning of value

I have the same issue. Is there anyone who can help?

I found a solution. I used the parameter jwks_ca_pem=@<path_to_pem>.
It is documented under the link below, but it wasn't that obvious when I checked this document the first time.
JWT/OIDC - Auth Methods - HTTP API | Vault | HashiCorp Developer

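A stand-alone pre-check, added here and not part of any post in this thread, that fetches the GitLab JWKS endpoint trusting only the same CA PEM you would pass to Vault as jwks_ca_pem, and applies the two checks that produced the errors above (certificate trust, then Content-Type and JSON decoding). The URL and the file name gitlab-ca.pem are assumed placeholders.

```python
import json
import ssl
import urllib.request


class JwksError(Exception):
    """Raised when the JWKS endpoint does not return a usable key set."""


def parse_jwks(content_type: str, body: bytes) -> list:
    """Validate a JWKS response the way Vault's key fetch does.

    Vault requires an application/json Content-Type and a JSON object with
    a non-empty "keys" array. A GitLab sign-in page (text/html) fails the
    first check, which is the second error shown in the thread.
    """
    media_type = content_type.split(";")[0].strip().lower()
    if media_type != "application/json":
        raise JwksError(
            f"expected Content-Type = application/json, got {content_type!r}"
        )
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise JwksError(f"failed to decode keys: {exc}") from exc
    keys = doc.get("keys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise JwksError("JWKS document has no 'keys' array")
    for key in keys:  # every JWK must at least carry a key type
        if not isinstance(key, dict) or "kty" not in key:
            raise JwksError(f"JWK missing 'kty': {key!r}")
    return keys


def fetch_jwks(jwks_url: str, ca_pem_path: str) -> list:
    """Fetch the key set trusting only the CA certificate in ca_pem_path.

    This mirrors what jwks_ca_pem=@file gives Vault: the self-signed GitLab
    certificate verifies against that CA, while any other issuer still
    fails with 'certificate signed by unknown authority'.
    """
    ctx = ssl.create_default_context(cafile=ca_pem_path)
    with urllib.request.urlopen(jwks_url, context=ctx, timeout=10) as resp:
        return parse_jwks(resp.headers.get("Content-Type", ""), resp.read())


if __name__ == "__main__":
    # Assumed placeholder values: replace with your GitLab host and exported CA.
    for k in fetch_jwks("https://gitlab.example.com/-/jwks", "gitlab-ca.pem"):
        print(k.get("kid"), k.get("kty"), k.get("alg"))
```

If this script reports the unknown-authority error, the PEM does not contain the CA that signed the GitLab certificate; if it reports the Content-Type error, the URL is being redirected to an HTML page rather than serving the key set.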