This repository has been archived by the owner on May 23, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 22
Debug Origin authentication failed
Scott Ganyo edited this page Jul 31, 2018
·
1 revision
The Origin authentication failed. message is specific to JWT token authorization and is returned by the Istio proxy. When this happens, it means that the JWT token itself could not be validated and the request never reaches the Mixer adapter.
apigee-istio -o theganyo1-eval -e test token inspect -f path/to/file
or
apigee-istio -o theganyo1-eval -e test token inspect <<< "<your token>"
The targets section must include your Istio service:
targets:
- name: helloworld
Your issuer and jwks_uri should match your Apigee org and env:
origins:
- jwt:
issuer: https://organization-env.apigee.net/istio-auth/token
jwks_uri: https://organization-env.apigee.net/istio-auth/certs
istioctl get policy <your policy name> -o yaml
The output should match your authentication policy.
kubectl logs helloworld-v1-679bf9b67b-2mts4 istio-proxy
You should see some logging that starts like this:
Loaded JwtAuthConfig: {
"rules": [
{
"issuer": "https://theganyo1-eval-test.apigee.net/istio-auth/token",
"local_jwks": { ...
It should match your authentication policy.