New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JWT authentication causing "Epoch 0 terminated with an error" in Envoy #15084
Comments
|
Can you provide the full log? After |
Here's the error bit, let me know if you want the full output of |
|
This happens the moment I make a request with my access token. |
|
@divya21raj thanks for the report, we're looking into this issue and will get back to you soon. |
|
Update, upon checking the envoy logs with this filter ->
I see this A seg fault after line 82 in jwt_authenticator.cc ? |
|
should this be closed - I don't see a PR associated with it. this is referred as a fixed item in rel note. |
Bug description
I'm trying to implement service to service JWT authentication like something shown in this repo. While it's working fine with Auth0, I'm having trouble while setting it up with my company's authentication service. I made the service architecture by following this article, you can see my repository here.
This is the policy I'm applying ->
I'm hosting the public key locally, you can find it here too.
If I hit the service with an invalid access key (say it's expired), I'm getting a 401 as expected, but a valid access key gives a
503: upstream connect error or disconnect/reset before headers. reset reason: connection failureUpon checking the logs for the envoy proxy of the publisher pod, I can see this ->
Epoch 0 terminated with an error: signal: segmentation fault (core dumped)This log message isn't there when working successfully with Auth0, so I think this might be a hint. But looking at the lines in the source code where this log message is present, I can't figure out much....
One reason I think this might occur is the different keys in access token I'm passing. The Auth0 access token has the following keys ->
And my access token looks like this ->
Anybody has any ideas, I've been stuck for quite some time now, any help will be appreciated..!
Affected product area (please put an X in all that apply)
[ ] Configuration Infrastructure
[ ] Docs
[ ] Installation
[ ] Networking
[ ] Performance and Scalability
[x] Policies and Telemetry
[x] Security
[ ] Test and Release
[ ] User Experience
[ ] Developer Infrastrcture
Expected behavior
200 on valid Access Token
Steps to reproduce the bug
Sadly not possible, as the access token I'm using is private to my company :(
Version (include the output of
istioctl version --remoteandkubectl version)version.BuildInfo{Version:"1.1.7", GitRevision:"eec7a74473deee98cad0a996f41a32a47dd453c2", User:"root", Host:"341b3bf0-76ac-11e9-b644-0a580a2c0404", GolangVersion:"go1.10.4", DockerHub:"docker.io/istio", BuildStatus:"Clean", GitTag:"1.1.6-6-geec7a74"}How was Istio installed?
Helm template, I followed this article.
Environment where bug was observed (cloud vendor, OS, etc)
Windows 10, running the cluster on Minikube.
Additionally, please consider attaching a [cluster state archive](http://istio.io/help/bugs/#generating-a-cluster-state-archive
istio-dump.tar.gz
) by attaching
the dump file to this issue.
The text was updated successfully, but these errors were encountered: